7041125: LDAP API does not catch malformed filters that contain two operands for the ! operator
Reviewed-by: weijun, xuelei
--- a/jdk/src/share/classes/com/sun/jndi/ldap/Filter.java Fri Jul 01 17:12:22 2011 -0700
+++ b/jdk/src/share/classes/com/sun/jndi/ldap/Filter.java Tue Jul 05 15:25:10 2011 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -632,15 +632,17 @@
}
}
+ // The complex filter types look like:
+ // "&(type=val)(type=val)"
+ // "|(type=val)(type=val)"
+ // "!(type=val)"
+ //
+ // The filtOffset[0] pointing to the '&', '|', or '!'.
+ //
private static void encodeComplexFilter(BerEncoder ber, byte[] filter,
int filterType, int filtOffset[], int filtEnd)
throws IOException, NamingException {
- //
- // We have a complex filter of type "&(type=val)(type=val)"
- // with filtOffset[0] pointing to the &
- //
-
if (dbg) {
dprint("encComplexFilter: ", filter, filtOffset[0], filtEnd);
dprint(", type: " + Integer.toString(filterType, 16));
@@ -652,7 +654,7 @@
ber.beginSeq(filterType);
int[] parens = findRightParen(filter, filtOffset, filtEnd);
- encodeFilterList(ber, filter, parens[0], parens[1]);
+ encodeFilterList(ber, filter, filterType, parens[0], parens[1]);
ber.endSeq();
@@ -706,7 +708,7 @@
// Encode filter list of type "(filter1)(filter2)..."
//
private static void encodeFilterList(BerEncoder ber, byte[] filter,
- int start, int end) throws IOException, NamingException {
+ int filterType, int start, int end) throws IOException, NamingException {
if (dbg) {
dprint("encFilterList: ", filter, start, end);
@@ -714,12 +716,16 @@
}
int filtOffset[] = new int[1];
-
- for (filtOffset[0] = start; filtOffset[0] < end;
- filtOffset[0]++) {
+ int listNumber = 0;
+ for (filtOffset[0] = start; filtOffset[0] < end; filtOffset[0]++) {
if (Character.isSpaceChar((char)filter[filtOffset[0]]))
continue;
+ if ((filterType == LDAP_FILTER_NOT) && (listNumber > 0)) {
+ throw new InvalidSearchFilterException(
+ "Filter (!) cannot be followed by more than one filters");
+ }
+
if (filter[filtOffset[0]] == '(') {
continue;
}
@@ -733,6 +739,8 @@
newfilter[0] = (byte)'(';
newfilter[len+1] = (byte)')';
encodeFilter(ber, newfilter, 0, newfilter.length);
+
+ listNumber++;
}
if (dbg) {
--- a/jdk/test/com/sun/jndi/ldap/InvalidLdapFilters.java Fri Jul 01 17:12:22 2011 -0700
+++ b/jdk/test/com/sun/jndi/ldap/InvalidLdapFilters.java Tue Jul 05 15:25:10 2011 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,8 +23,10 @@
/**
* @test
- * @bug 6916202
+ * @bug 6916202 7041125
* @summary More cases of invalid ldap filters accepted and processed
+ * LDAP API does not catch malformed filters that contain two operands
+ * for the ! operator
* @run main/othervm InvalidLdapFilters valid (cn=Babs)
* @run main/othervm InvalidLdapFilters valid (&(cn=Bob))
* @run main/othervm InvalidLdapFilters valid (&(objectClass=*)(uid=*))
@@ -34,6 +36,7 @@
* @run main/othervm InvalidLdapFilters valid (!(!(cn=Tim)))
* @run main/othervm InvalidLdapFilters valid (!(&(objectClass=*)(uid=*)))
* @run main/othervm InvalidLdapFilters valid (!(|(objectClass=*)(uid=*)))
+ * @run main/othervm InvalidLdapFilters valid (&(objectClass=*)(!(uid=*)))
* @run main/othervm InvalidLdapFilters valid (o=univ*of*mich*)
* @run main/othervm InvalidLdapFilters valid (seeAlso=)
* @run main/othervm InvalidLdapFilters valid (cn:caseExactMatch:=Flintstone)
@@ -75,6 +78,8 @@
"((objectCategory=person)(cn=u)(!(cn=u2*)))"
* @run main/othervm InvalidLdapFilters invalid
"((&(objectClass=user)(cn=andy*)(cn=steve*)(cn=bob*)))"
+ * @run main/othervm InvalidLdapFilters invalid
+ (&(objectClass=Person)(!(sn=Jensen)(cn=Bab)))
*
* @author Xuelei Fan
*/