From 03a193546bd8fe8a80080e39916cb936046c0c76 Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Mar 06 2018 18:55:19 +0000 Subject: Ticket 49545 - final substring extended filter search returns invalid result Bug Description: During a search (using extended filter with final substring), the server checks the filter before returning the matching entries. When checking the attribute value against the filter, it uses the wrong value. Fix Description: Make suree it uses the right portion of the attribute value, in order to generate the keys to compare. https://pagure.io/389-ds-base/issue/49545 Reviewed by: Ludwig Krispenz Platforms tested: F26 Flag Day: no Doc impact: no --- diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c index bf1ccf8..dd7cb22 100644 --- a/ldap/servers/plugins/collation/orfilter.c +++ b/ldap/servers/plugins/collation/orfilter.c @@ -208,17 +208,32 @@ ss_filter_match (or_filter_t* or, struct berval** vals) } else { /* final */ auto size_t attempts = MAX_CHAR_COMBINING; auto char* limit = v.bv_val; + auto char *end; auto struct berval** vkeys; auto struct berval* vals[2]; auto struct berval key; + rc = -1; vals[0] = &v; vals[1] = NULL; key.bv_val = (*k)->bv_val; key.bv_len = (*k)->bv_len - 1; - v.bv_val = (*vals)->bv_val + (*vals)->bv_len; + /* In the following lines it will loop to find + * if the end of the attribute value matches the 'final' of the filter + * Short summary: + * vals contains the attribute value :for example "hello world" + * key contain the key generated from the indexing of final part of the filter. + * for example filter=(=*ld), so key contains the indexing("ld"). + * + * The loop will iterate over the attribute value (vals) from the end of string + * to the begining. So it will try to index('d'), index('ld'), index('rld'), index('orld')... + * + * the key generate from the final part of the filter, then the loop stops => we are done + */ + end = v.bv_val + v.bv_len - 1; + v.bv_val = end; while(1) { - v.bv_len = (*vals)->bv_len - (v.bv_val - (*vals)->bv_val); + v.bv_len = end - v.bv_val + 1; vkeys = ix->ix_index (ix, vals, NULL); if (vkeys && vkeys[0]) { auto const struct berval* vkey = vkeys[0];