From e0162a65460a9400c42074312dfa1b48bdd95a4e Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Mar 06 2018 17:55:38 +0000
Subject: Ticket 49545 - final substring extended filter search returns invalid result


Bug Description:
	During a search (using extended filter with final substring), the server
	checks the filter before returning the matching entries.
	When checking the attribute value against the filter, it
	uses the wrong value.

Fix Description:
	Make suree it uses the right portion of the attribute value, in order
	to generate the keys to compare.

https://pagure.io/389-ds-base/issue/49545

Reviewed by: Ludwig Krispenz

Platforms tested: F26

Flag Day: no

Doc impact: no

---

diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c
index a98d902..7705de9 100644
--- a/ldap/servers/plugins/collation/orfilter.c
+++ b/ldap/servers/plugins/collation/orfilter.c
@@ -182,17 +182,33 @@ ss_filter_match(or_filter_t * or, struct berval **vals)
                 } else { /* final */
                     auto size_t attempts = MAX_CHAR_COMBINING;
                     auto char *limit = v.bv_val;
+                    auto char *end;
                     auto struct berval **vkeys;
                     auto struct berval *vals[2];
                     auto struct berval key;
+
                     rc = -1;
                     vals[0] = &v;
                     vals[1] = NULL;
                     key.bv_val = (*k)->bv_val;
                     key.bv_len = (*k)->bv_len - 1;
-                    v.bv_val = (*vals)->bv_val + (*vals)->bv_len;
+                    /* In the following lines it will loop to find
+                     * if the end of the attribute value matches the 'final' of the filter
+                     * Short summary:
+                     * vals contains the attribute value :for example "hello world"
+                     * key contain the key generated from the indexing of final part of the filter.
+                     * for example filter=(<attribut>=*ld), so key contains the indexing("ld").
+                     *
+                     * The loop will iterate over the attribute value (vals) from the end of string
+                     * to the begining. So it will try to index('d'), index('ld'), index('rld'), index('orld')...
+                     *
+                     * At each iteration if the key generated from indexing the portion of vals, matches
+                     * the key generate from the final part of the filter, then the loop stops => we are done
+                     */
+                    end = v.bv_val + v.bv_len - 1;
+                    v.bv_val = end;
                     while (1) {
-                        v.bv_len = (*vals)->bv_len - (v.bv_val - (*vals)->bv_val);
+                        v.bv_len = end - v.bv_val + 1;
                         vkeys = ix->ix_index(ix, vals, NULL);
                         if (vkeys && vkeys[0]) {
                             auto const struct berval *vkey = vkeys[0];