You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Steve hammond (JIRA)" <ji...@apache.org> on 2008/07/09 21:17:31 UTC

[jira] Created: (DIRSERVER-1196) Filter with special characters crashes JVM

Filter with special characters crashes JVM
------------------------------------------

                 Key: DIRSERVER-1196
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1196
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: core
    Affects Versions: 1.5.3
         Environment: Windows running under jboss
            Reporter: Steve hammond


the following command 
         FilterParser.parse("(memberOf=1.2.840.113556.1.4.1301=$#@&*()==,2.5.4.11=local,2.5.4.11=users,2.5.4.11=readimanager)");

will put the filter parser apparently into an infinite loop until the JVM crashes.

aparently it is the () in the middle.  LDAPStudio does not allow that in the filter, neither does ldapsearch.
So maybe just a check for parenthesis somewhere in the parse and a throw?  Are those the only 2 characters that a value cannot have?



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (DIRSERVER-1196) Filter with special characters crashes JVM

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny resolved DIRSERVER-1196.
------------------------------------------

    Resolution: Fixed

Fixed :
http://svn.apache.org/viewvc?rev=675343&view=rev

> Filter with special characters crashes JVM
> ------------------------------------------
>
>                 Key: DIRSERVER-1196
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1196
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.3
>         Environment: Windows running under jboss
>            Reporter: Steve hammond
>            Assignee: Emmanuel Lecharny
>
> the following command 
>          FilterParser.parse("(memberOf=1.2.840.113556.1.4.1301=$#@&*()==,2.5.4.11=local,2.5.4.11=users,2.5.4.11=readimanager)");
> will put the filter parser apparently into an infinite loop until the JVM crashes.
> aparently it is the () in the middle.  LDAPStudio does not allow that in the filter, neither does ldapsearch.
> So maybe just a check for parenthesis somewhere in the parse and a throw?  Are those the only 2 characters that a value cannot have?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DIRSERVER-1196) Filter with special characters crashes JVM

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/DIRSERVER-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12612274#action_12612274 ] 

Emmanuel Lecharny commented on DIRSERVER-1196:
----------------------------------------------

Ok, there is an infinite loop in the parseSubstring() method of the FilterParser class.

Will be fixed soon.

> Filter with special characters crashes JVM
> ------------------------------------------
>
>                 Key: DIRSERVER-1196
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1196
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.3
>         Environment: Windows running under jboss
>            Reporter: Steve hammond
>            Assignee: Emmanuel Lecharny
>
> the following command 
>          FilterParser.parse("(memberOf=1.2.840.113556.1.4.1301=$#@&*()==,2.5.4.11=local,2.5.4.11=users,2.5.4.11=readimanager)");
> will put the filter parser apparently into an infinite loop until the JVM crashes.
> aparently it is the () in the middle.  LDAPStudio does not allow that in the filter, neither does ldapsearch.
> So maybe just a check for parenthesis somewhere in the parse and a throw?  Are those the only 2 characters that a value cannot have?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (DIRSERVER-1196) Filter with special characters crashes JVM

Posted by "Steve hammond (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve hammond closed DIRSERVER-1196.
------------------------------------


> Filter with special characters crashes JVM
> ------------------------------------------
>
>                 Key: DIRSERVER-1196
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1196
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.3
>         Environment: Windows running under jboss
>            Reporter: Steve hammond
>            Assignee: Emmanuel Lecharny
>             Fix For: 1.5.3
>
>
> the following command 
>          FilterParser.parse("(memberOf=1.2.840.113556.1.4.1301=$#@&*()==,2.5.4.11=local,2.5.4.11=users,2.5.4.11=readimanager)");
> will put the filter parser apparently into an infinite loop until the JVM crashes.
> aparently it is the () in the middle.  LDAPStudio does not allow that in the filter, neither does ldapsearch.
> So maybe just a check for parenthesis somewhere in the parse and a throw?  Are those the only 2 characters that a value cannot have?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (DIRSERVER-1196) Filter with special characters crashes JVM

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny resolved DIRSERVER-1196.
------------------------------------------

    Resolution: Fixed

Fixed with :
http://svn.apache.org/viewvc?rev=675519&view=rev

> Filter with special characters crashes JVM
> ------------------------------------------
>
>                 Key: DIRSERVER-1196
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1196
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.3
>         Environment: Windows running under jboss
>            Reporter: Steve hammond
>            Assignee: Emmanuel Lecharny
>             Fix For: 1.5.3
>
>
> the following command 
>          FilterParser.parse("(memberOf=1.2.840.113556.1.4.1301=$#@&*()==,2.5.4.11=local,2.5.4.11=users,2.5.4.11=readimanager)");
> will put the filter parser apparently into an infinite loop until the JVM crashes.
> aparently it is the () in the middle.  LDAPStudio does not allow that in the filter, neither does ldapsearch.
> So maybe just a check for parenthesis somewhere in the parse and a throw?  Are those the only 2 characters that a value cannot have?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Assigned: (DIRSERVER-1196) Filter with special characters crashes JVM

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny reassigned DIRSERVER-1196:
--------------------------------------------

    Assignee: Emmanuel Lecharny

> Filter with special characters crashes JVM
> ------------------------------------------
>
>                 Key: DIRSERVER-1196
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1196
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.3
>         Environment: Windows running under jboss
>            Reporter: Steve hammond
>            Assignee: Emmanuel Lecharny
>
> the following command 
>          FilterParser.parse("(memberOf=1.2.840.113556.1.4.1301=$#@&*()==,2.5.4.11=local,2.5.4.11=users,2.5.4.11=readimanager)");
> will put the filter parser apparently into an infinite loop until the JVM crashes.
> aparently it is the () in the middle.  LDAPStudio does not allow that in the filter, neither does ldapsearch.
> So maybe just a check for parenthesis somewhere in the parse and a throw?  Are those the only 2 characters that a value cannot have?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Reopened: (DIRSERVER-1196) Filter with special characters crashes JVM

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny reopened DIRSERVER-1196:
------------------------------------------


There is a big bug in the way filters are handled into the server. If a filter contains ecaped chars, like :
(description=this is a filter with escaped parentheses : \28\29)

then the entry is never found. 

This is because the filter escaped chars are never unescaped.

I have a fix for this, I will apply it after lunch.

> Filter with special characters crashes JVM
> ------------------------------------------
>
>                 Key: DIRSERVER-1196
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1196
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.3
>         Environment: Windows running under jboss
>            Reporter: Steve hammond
>            Assignee: Emmanuel Lecharny
>             Fix For: 1.5.3
>
>
> the following command 
>          FilterParser.parse("(memberOf=1.2.840.113556.1.4.1301=$#@&*()==,2.5.4.11=local,2.5.4.11=users,2.5.4.11=readimanager)");
> will put the filter parser apparently into an infinite loop until the JVM crashes.
> aparently it is the () in the middle.  LDAPStudio does not allow that in the filter, neither does ldapsearch.
> So maybe just a check for parenthesis somewhere in the parse and a throw?  Are those the only 2 characters that a value cannot have?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (DIRSERVER-1196) Filter with special characters crashes JVM

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-1196:
-----------------------------------------

    Fix Version/s: 1.5.3

Will be fixed for 1.5.3

> Filter with special characters crashes JVM
> ------------------------------------------
>
>                 Key: DIRSERVER-1196
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1196
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.3
>         Environment: Windows running under jboss
>            Reporter: Steve hammond
>            Assignee: Emmanuel Lecharny
>             Fix For: 1.5.3
>
>
> the following command 
>          FilterParser.parse("(memberOf=1.2.840.113556.1.4.1301=$#@&*()==,2.5.4.11=local,2.5.4.11=users,2.5.4.11=readimanager)");
> will put the filter parser apparently into an infinite loop until the JVM crashes.
> aparently it is the () in the middle.  LDAPStudio does not allow that in the filter, neither does ldapsearch.
> So maybe just a check for parenthesis somewhere in the parse and a throw?  Are those the only 2 characters that a value cannot have?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.