From ad7d609fbdf8bc345569984971d0e7a18154b5d4 Mon Sep 17 00:00:00 2001
From: david_page <david_page@localhost>
Date: Thu, 03 May 2007 03:15:29 +0000
Subject: [PATCH] Issue [1024] Invalid filters are not detected by ldapsearch

---
 opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPFilter.java |   12 ++++++++++++
 opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java |   32 ++++++++++++++++++++++++--------
 2 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java b/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java
index af4cef1..952fa3a 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java
@@ -4578,10 +4578,10 @@
 
 
   /**
-  * The message ID for the message that will be used if an error occurs parsing
-  * the geteffectiverights authzid because it does not start with the required
-  * string "dn:". This takes one argument, which is the authzid string.
-  */
+   * The message ID for the message that will be used if an error occurs parsing
+   * the geteffectiverights authzid because it does not start with the required
+   * string "dn:". This takes one argument, which is the authzid string.
+   */
  public static final int MSGID_GETEFFECTIVERIGHTS_INVALID_AUTHZID =
       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_INFORMATIONAL | 424;
 
@@ -4608,6 +4608,17 @@
 
 
   /**
+   * The message ID for the message that will be used if an LDAP search filter
+   * is enclosed in apostrophes ("single-quotes").
+   * (FIXME -- This error is a workaround for
+   * https://opends.dev.java.net/issues/show_bug.cgi?id=1024. A correct fix
+   * is to validate the characters used in the attribute type.
+   */
+  public static final int MSGID_LDAP_FILTER_ENCLOSED_IN_APOSTROPHES =
+       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 427;
+
+
+  /**
    * Associates a set of generic messages with the message IDs defined in this
    * class.
    */
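Review bot: The Javadoc added for `MSGID_LDAP_FILTER_ENCLOSED_IN_APOSTROPHES` opens a parenthesis at `(FIXME` and never closes it, and unlike the neighbouring message IDs it does not state the message's argument. The format string registered later in this file has one `%s`, and the call site in LDAPFilter.java passes the filter string, so I would add `This takes one argument, which is the filter string.` before the FIXME and end the note with `)`. The same comment in LDAPFilter.java does close its parenthesis, so the two would then agree.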
@@ -6571,17 +6582,22 @@
                     "Unable to process the provided VLV response control " +
                     "because an error occurred while attempting to decode " +
                     "the control value:  %s");
-   registerMessage(MSGID_GETEFFECTIVERIGHTS_INVALID_AUTHZID,
+
+
+    registerMessage(MSGID_GETEFFECTIVERIGHTS_INVALID_AUTHZID,
                     "The authorization ID \"%s\" contained in the " +
                      "geteffectiverights control is invalid because it does" +
                      " not start with \"dn:\" to indicate a user DN");
     registerMessage(MSGID_GETEFFECTIVERIGHTS_DECODE_ERROR,
-            "Cannot decode the provided geteffectiverights " +
-             "request control:  %s");
+                    "Cannot decode the provided geteffectiverights " +
+                    "request control:  %s");
     registerMessage(MSGID_CANNOT_DECODE_GETEFFECTIVERIGHTS_AUTHZID_DN,
                     "Unable to decode authzid DN string \"%s\" as a valid " +
-                    "distinguished name:  %s"); }
+                    "distinguished name:  %s");
 
 
+    registerMessage(MSGID_LDAP_FILTER_ENCLOSED_IN_APOSTROPHES,
+                    "An LDAP filter enclosed in apostrophes is invalid:  %s");
+  }
 }
 
diff --git a/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPFilter.java b/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPFilter.java
index fe8fd84..dc72613 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPFilter.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPFilter.java
@@ -360,6 +360,18 @@
       throw new LDAPException(LDAPResultCode.PROTOCOL_ERROR, msgID, message);
     }
 
+    // If the filter is enclosed in a pair of apostrophes ("single-quotes") it
+    // is invalid.
+    // (FIXME -- This error is a workaround for
+    //  https://opends.dev.java.net/issues/show_bug.cgi?id=1024. A correct fix
+    // is to validate the characters used in the attribute type.)
+    if (1 < filterString.length()
+         && filterString.startsWith("'") && filterString.endsWith("'"))
+    {
+      int msgID = MSGID_LDAP_FILTER_ENCLOSED_IN_APOSTROPHES;
+      String message = getMessage(msgID, filterString);
+      throw new LDAPException(LDAPResultCode.PROTOCOL_ERROR, msgID, message);
+    }
 
     // If the filter is surrounded by parentheses (which it should be), then
     // strip them off.
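Review bot: The new guard rejects only a filter that both starts and ends with an apostrophe, so a lone leading or trailing apostrophe, double quotes, or (unless the string is trimmed earlier in the method, which the hunk does not show) a quoted filter padded with whitespace still reaches the parser with an unvalidated attribute type. That is the underlying problem the FIXME names, and a filter string is untrusted input, so the durable fix is an allowlist check at the point where the attribute type is extracted, outside this hunk. It should accept only the characters the attribute description grammar permits and reject everything else with the same `LDAPResultCode.PROTOCOL_ERROR`. Until that lands, the comment should say what is still not covered, for example `// Only the fully quoted form is caught here; other invalid attribute-type characters are still accepted.` The enclosing method begins and ends outside the hunk.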

--
Gitblit v1.10.0