[jira] [Commented] (DIRSERVER-2109) Apply LDIF with special crafted DN creates two CN attributes

Stefan Seelmann (JIRA) Sun, 10 Jan 2016 05:42:54 -0800

    [ 
https://issues.apache.org/jira/browse/DIRSERVER-2109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15091041#comment-15091041
 ]


Stefan Seelmann commented on DIRSERVER-2109:
--------------------------------------------

I digged a bit deeper. I added two more tests to AddIT that add entries with 
backlashes in RDN attribute value: 
http://svn.apache.org/viewvc?rev=1723924&view=rev

In AddOperationContext line 135 we create a schema-aware clone of the incoming 
entry, we clone the entry, the DN, the attributes, the values, and normalize 
everything. And deep down in PrepareString line 5187 we *unescape* the value. 

The problem is that we unescape the value for 2 different cases: when 
normalizing the DN/RDN *and* when normalizing the attribute value itself. In 
the latter case the unescape is wrong.

For example let's have this entry (LDAP and Java):

{code}
dn: cn=a\\b,ou=users,ou=system
objectClass: top
objectClass: person
cn: a\b
sn: test

Entry entry = new DefaultEntry( new Dn( "cn=a\\\\b,ou=users,ou=system" ) );
entry.add( "objectClass", "top", "person" );
entry.add( "cn", "a\\b" );
entry.add( "sn", "test" );
{code}

When normalizing the DN the value needs to be unescaped. But when normalizing 
the entry's attribute value no unescape must be done.

Here are the stacktraces when unescape is called:

Normalizing of DN: unescape is required
{code}
PrepareString.unescape(char[], int) line: 5195  
PrepareString.insignifiantSpacesStringAscii(String, boolean) line: 5187 
PrepareString.normalize(String, PrepareString$StringType) line: 253     
DeepTrimToLowerNormalizer.normalize(String) line: 103   
CachingDeepTrimToLowerNormalizer(CachingNormalizer).normalize(String) line: 124 
StringValue(AbstractValue<T>).apply(AttributeType) line: 175    
StringValue.<init>(AttributeType, String) line: 122     
Dn.atavOidToName(Ava, SchemaManager) line: 1101 
Dn.rdnOidToName(Rdn, SchemaManager) line: 1162  
Rdn.apply(SchemaManager) line: 481      
Dn.apply(SchemaManager, boolean) line: 1222     
Dn.apply(SchemaManager) line: 1301      
DefaultEntry.normalizeDN(Dn) line: 521  
DefaultEntry.<init>(SchemaManager, Entry) line: 291     
AddOperationContext.<init>(CoreSession, AddRequest) line: 136   
DefaultCoreSession.add(AddRequest, LogChange) line: 244 
DefaultCoreSession.add(AddRequest) line: 235    
LdapCoreSessionConnection.add(AddRequest) line: 189     
LdapCoreSessionConnection.add(Entry) line: 220  
AddIT.test_DIRSERVER_2109_2() line: 181 
{code}

Noralizing of attribute value: unescape is wrong!
{code}
PrepareString.unescape(char[], int) line: 5195  
PrepareString.insignifiantSpacesStringAscii(String, boolean) line: 5187 
PrepareString.normalize(String, PrepareString$StringType) line: 253     
DeepTrimToLowerNormalizer.normalize(String) line: 103   
CachingDeepTrimToLowerNormalizer(CachingNormalizer).normalize(String) line: 124 
StringValue(AbstractValue<T>).apply(AttributeType) line: 175    
StringValue.<init>(AttributeType, String) line: 122     
DefaultAttribute.<init>(AttributeType, Attribute) line: 478     
DefaultEntry.<init>(SchemaManager, Entry) line: 315     
AddOperationContext.<init>(CoreSession, AddRequest) line: 136   
DefaultCoreSession.add(AddRequest, LogChange) line: 244 
DefaultCoreSession.add(AddRequest) line: 235    
LdapCoreSessionConnection.add(AddRequest) line: 189     
LdapCoreSessionConnection.add(Entry) line: 220  
AddIT.test_DIRSERVER_2109_2() line: 181 
{code}


> Apply LDIF with special crafted DN creates two CN attributes
> ------------------------------------------------------------
>
>                 Key: DIRSERVER-2109
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2109
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M21
>            Reporter: Stefan Seelmann
>
> In Studio we have a test that injects an entry with a special crafted DN (cn 
> starts with #, contains plus, comma, quotes). This entry is injected using 
> the {{@ApplyLdifFiles}} annotation. The injected entry then contains two CN 
> attributes, one with proper unescaped value, one with still escaped value.
> Here is the LDIF:
> {code}
> # cn=\#\\\+\, \"öé\",ou=users,ou=system
> dn:: Y249XCNcXFwrXCwgXCLDtsOpXCIsb3U9dXNlcnMsb3U9c3lzdGVt
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> cn:: I1wrLCAiw7bDqSI=
> sn:: I1wrLCAiw7bDqSI=
> givenName:: I1wrLCAiw7bDqSI=
> uid:: I1wrLCAiw7bDqSI=
> {code}
> Here the sysout of the injected entry with the two CN attributes:
> {code}
>     dn[n]: cn=\#\\\+\, \"öé\",ou=users,ou=system
>     objectclass: organizationalPerson
>     objectclass: person
>     objectclass: inetOrgPerson
>     objectclass: top
>     givenname: #\+, "öé"
>     uid: #\+, "öé"
>     cn: #\+, "öé"
>     cn: \#\\\+\, \"öé\"
>     sn: #\+, "öé"
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2109) Apply LDIF with special crafted DN creates two CN attributes

Reply via email to