ITS#10475 Escape asserted value before pasting into filter

author Ondřej Kuzník <ondra@mistotebe.net>

Tue, 7 Apr 2026 14:52:47 +0000 (15:52 +0100)

committer Quanah Gibson-Mount <quanah@openldap.org>

Wed, 8 Apr 2026 15:54:44 +0000 (15:54 +0000)
author Ondřej Kuzník <ondra@mistotebe.net>
Tue, 7 Apr 2026 14:52:47 +0000 (15:52 +0100)
committer Quanah Gibson-Mount <quanah@openldap.org>
Wed, 8 Apr 2026 15:54:44 +0000 (15:54 +0000)
diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c

index 0ef27746a2b92bd7afcc06f889f070e40484233a..6ebd46ba967e747ea3d4b64dcde853b825988e1c 100644 (file)
--- a/servers/slapd/overlays/constraint.c
+++ b/servers/slapd/overlays/constraint.c
@@ -657,7 +657,7 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op )
                         int found = 0;
                         int rc;
                         size_t len;
-                       struct berval filterstr;
+                       struct berval filterstr, escaped;
                         char *ptr;
  
                         cb.sc_response = constraint_uri_cb;
@@ -701,11 +701,13 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op )
                                   c->filter.bv_len +
                                   STRLENOF(")(|");
  
+                       filter_escape_value_x( bv, &escaped, op->o_tmpmemctx );
+
                         for (i = 0; c->attrs[i]; i++) {
                                 len += STRLENOF("(") +
                                            c->attrs[i]->ad_cname.bv_len +
                                            STRLENOF("=") +
-                                          bv->bv_len +
+                                          escaped.bv_len +
                                            STRLENOF(")");
                         }
  
@@ -719,7 +721,7 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op )
                                 *ptr++ = '(';
                                 ptr = lutil_strcopy( ptr, c->attrs[i]->ad_cname.bv_val );
                                 *ptr++ = '=';
-                               ptr = lutil_strcopy( ptr, bv->bv_val );
+                               ptr = lutil_strcopy( ptr, escaped.bv_val );
                                 *ptr++ = ')';
                         }
                         *ptr++ = ')';
@@ -748,6 +750,7 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op )
                                         rc, found );
                         }
                         op->o_tmpfree(filterstr.bv_val, op->o_tmpmemctx);
+                       op->o_tmpfree(escaped.bv_val, op->o_tmpmemctx);
  
                         if ((rc != LDAP_SUCCESS) && (rc != LDAP_NO_SUCH_OBJECT)) {
                                 return rc; /* unexpected error */
diff --git a/tests/data/constraint/constraint.out b/tests/data/constraint/constraint.out

index a23cb308a2d10b934b14471a669e21ddd2a2975d..c35c1311ba8c5eb4d00a5a0726b9284a472640a3 100644 (file)
--- a/tests/data/constraint/constraint.out
+++ b/tests/data/constraint/constraint.out
@@ -29,6 +29,7 @@ FAIL
  FAIL
  FAIL
  FAIL
+FAIL
  OK
  FAIL
  FAIL
diff --git a/tests/data/constraint/t_fail_17.ldif b/tests/data/constraint/t_fail_17.ldif

new file mode 100644 (file)

index 0000000..193fae7
--- /dev/null
+++ b/tests/data/constraint/t_fail_17.ldif
@@ -0,0 +1,5 @@
+dn: cn=John Doe,ou=users,dc=example,dc=com
+changetype: modify
+replace: uid
+uid: 2*
+
author	Ondřej Kuzník <ondra@mistotebe.net>
	Tue, 7 Apr 2026 14:52:47 +0000 (15:52 +0100)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Wed, 8 Apr 2026 15:54:44 +0000 (15:54 +0000)
servers/slapd/overlays/constraint.c		patch \| blob \| blame \| history
tests/data/constraint/constraint.out		patch \| blob \| blame \| history
tests/data/constraint/t_fail_17.ldif	[new file with mode: 0644]	patch \| blob