From fe4d6b1f8ee49c858ca2644851377ba2402d9509 Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Thu, 25 Jul 2013 13:21:03 +0000
Subject: [PATCH] OPENDJ-948 (CR-1873) unauthorized disclosure of directory contents 

---
 opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java |   41 ++++++++++++++++++++++++-----------------
 1 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
index b832090..19035f9 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
@@ -23,7 +23,7 @@
  *
  *
  *      Copyright 2008-2010 Sun Microsystems, Inc.
- *      Portions copyright 2011-2012 ForgeRock AS
+ *      Portions copyright 2011-2013 ForgeRock AS
  */
 package org.opends.server.workflowelement.localbackend;
 
@@ -138,26 +138,33 @@
     // Check for a request to cancel this operation.
     checkIfCanceled(false);
 
-    BooleanHolder executePostOpPlugins = new BooleanHolder(false);
-    processSearch(wfe, executePostOpPlugins);
-
-    // Check for a request to cancel this operation.
-    checkIfCanceled(false);
-
-    // Invoke the post-operation search plugins.
-    if (executePostOpPlugins.value)
+    try
     {
-      PluginResult.PostOperation postOpResult =
-          DirectoryServer.getPluginConfigManager()
-              .invokePostOperationSearchPlugins(this);
-      if (!postOpResult.continueProcessing())
+      BooleanHolder executePostOpPlugins = new BooleanHolder(false);
+      processSearch(wfe, executePostOpPlugins);
+
+      // Check for a request to cancel this operation.
+      checkIfCanceled(false);
+
+      // Invoke the post-operation search plugins.
+      if (executePostOpPlugins.value)
       {
-        setResultCode(postOpResult.getResultCode());
-        appendErrorMessage(postOpResult.getErrorMessage());
-        setMatchedDN(postOpResult.getMatchedDN());
-        setReferralURLs(postOpResult.getReferralURLs());
+        PluginResult.PostOperation postOpResult =
+            DirectoryServer.getPluginConfigManager()
+                .invokePostOperationSearchPlugins(this);
+        if (!postOpResult.continueProcessing())
+        {
+          setResultCode(postOpResult.getResultCode());
+          appendErrorMessage(postOpResult.getErrorMessage());
+          setMatchedDN(postOpResult.getMatchedDN());
+          setReferralURLs(postOpResult.getReferralURLs());
+        }
       }
     }
+    finally
+    {
+      LocalBackendWorkflowElement.filterNonDisclosableMatchedDN(this);
+    }
   }
 
   private void processSearch(LocalBackendWorkflowElement wfe,

--
Gitblit v1.10.0