From 183517787fe86c1bc2359ad807318b8bca573d17 Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Fri, 19 Jan 2018 16:34:36 +0100 Subject: [PATCH] Ticket 49545 - final substring extended filter search returns invalid result Bug Description: During a search (using extended filter with final substring), the server checks the filter before returning the matching entries. When checking the attribute value against the filter, it uses the wrong value. Fix Description: Make suree it uses the right portion of the attribute value, in order to generate the keys to compare. https://pagure.io/389-ds-base/issue/49545 Reviewed by: Ludwig Krispenz Platforms tested: F26 Flag Day: no Doc impact: no Signed-off-by: Mark Reynolds --- ldap/servers/plugins/collation/orfilter.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c index a98d90219..672ee7b19 100644 --- a/ldap/servers/plugins/collation/orfilter.c +++ b/ldap/servers/plugins/collation/orfilter.c @@ -182,17 +182,33 @@ ss_filter_match(or_filter_t * or, struct berval **vals) } else { /* final */ auto size_t attempts = MAX_CHAR_COMBINING; auto char *limit = v.bv_val; + auto char *end; auto struct berval **vkeys; auto struct berval *vals[2]; auto struct berval key; + rc = -1; vals[0] = &v; vals[1] = NULL; key.bv_val = (*k)->bv_val; key.bv_len = (*k)->bv_len - 1; - v.bv_val = (*vals)->bv_val + (*vals)->bv_len; + /* In the following lines it will loop to find + * if the end of the attribute value matches the 'final' of the filter + * Short summary: + * vals contains the attribute value :for example "hello world" + * key contain the key generated from the indexing of final part of the filter. + * for example filter=(=*ld), so key contains the indexing("ld"). + * + * The loop will iterate over the attribute value (vals) from the end of string + * to the begining. So it will try to index('d'), index('ld'), index('rld'), index('orld')... + * + * At each iteration if the key generated from indexing the portion of vals, matches + * the key generate from the final part of the filter, then the loop stops => we are done + */ + end = v.bv_val + v.bv_len - 1; + v.bv_val = end; while (1) { - v.bv_len = (*vals)->bv_len - (v.bv_val - (*vals)->bv_val); + v.bv_len = end - v.bv_val + 1; vkeys = ix->ix_index(ix, vals, NULL); if (vkeys && vkeys[0]) { auto const struct berval *vkey = vkeys[0]; -- 2.13.6