Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
openldap
OpenLDAP
Commits
87df6c19
Commit
87df6c19
authored
Mar 23, 2022
by
Howard Chu
Committed by
Quanah Gibson-Mount
May 04, 2022
Browse files
ITS#9815 slapd-sql: escape filter values
parent
94d5180f
Pipeline
#4292
passed with stage
in 44 minutes and 46 seconds
Changes
1
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
servers/slapd/back-sql/search.c
View file @
87df6c19
...
...
@@ -63,6 +63,38 @@ static void send_paged_response(
ID
*
lastid
);
#endif
/* ! BACKSQL_ARBITRARY_KEY */
/* Look for chars that need to be escaped, return count of them.
* If out is non-NULL, copy escape'd val to it.
*/
static
int
backsql_val_escape
(
Operation
*
op
,
struct
berval
*
in
,
struct
berval
*
out
)
{
char
*
ptr
,
*
end
;
int
q
=
0
;
ptr
=
in
->
bv_val
;
end
=
ptr
+
in
->
bv_len
;
while
(
ptr
<
end
)
{
if
(
*
ptr
==
'\''
)
q
++
;
ptr
++
;
}
if
(
q
&&
out
)
{
char
*
dst
;
out
->
bv_len
=
in
->
bv_len
+
q
;
out
->
bv_val
=
op
->
o_tmpalloc
(
out
->
bv_len
+
1
,
op
->
o_tmpmemctx
);
ptr
=
in
->
bv_val
;
dst
=
out
->
bv_val
;
while
(
ptr
<
end
)
{
if
(
*
ptr
==
'\''
)
*
dst
++
=
'\''
;
*
dst
++
=
*
ptr
++
;
}
*
dst
=
'\0'
;
}
return
q
;
}
static
int
backsql_attrlist_add
(
backsql_srch_info
*
bsi
,
AttributeDescription
*
ad
)
{
...
...
@@ -429,6 +461,8 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
backsql_info
*
bi
=
(
backsql_info
*
)
bsi
->
bsi_op
->
o_bd
->
be_private
;
int
i
;
int
casefold
=
0
;
int
escaped
=
0
;
struct
berval
escval
,
*
fvalue
;
if
(
!
f
)
{
return
0
;
...
...
@@ -462,50 +496,68 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
BER_BVZERO
(
&
bv
);
if
(
f
->
f_sub_initial
.
bv_val
)
{
bv
.
bv_len
+=
f
->
f_sub_initial
.
bv_len
;
bv
.
bv_len
+=
f
->
f_sub_initial
.
bv_len
+
backsql_val_escape
(
NULL
,
&
f
->
f_sub_initial
,
NULL
)
;
}
if
(
f
->
f_sub_any
!=
NULL
)
{
for
(
a
=
0
;
f
->
f_sub_any
[
a
].
bv_val
!=
NULL
;
a
++
)
{
bv
.
bv_len
+=
f
->
f_sub_any
[
a
].
bv_len
;
bv
.
bv_len
+=
f
->
f_sub_any
[
a
].
bv_len
+
backsql_val_escape
(
NULL
,
&
f
->
f_sub_any
[
a
],
NULL
)
;
}
}
if
(
f
->
f_sub_final
.
bv_val
)
{
bv
.
bv_len
+=
f
->
f_sub_final
.
bv_len
;
bv
.
bv_len
+=
f
->
f_sub_final
.
bv_len
+
backsql_val_escape
(
NULL
,
&
f
->
f_sub_final
,
NULL
)
;
}
bv
.
bv_len
=
2
*
bv
.
bv_len
-
1
;
bv
.
bv_val
=
ch_malloc
(
bv
.
bv_len
+
1
);
s
=
0
;
if
(
!
BER_BVISNULL
(
&
f
->
f_sub_initial
)
)
{
bv
.
bv_val
[
s
]
=
f
->
f_sub_initial
.
bv_val
[
0
];
for
(
i
=
1
;
i
<
f
->
f_sub_initial
.
bv_len
;
i
++
)
{
fvalue
=
&
f
->
f_sub_initial
;
escaped
=
backsql_val_escape
(
bsi
->
bsi_op
,
fvalue
,
&
escval
);
if
(
escaped
)
fvalue
=
&
escval
;
bv
.
bv_val
[
s
]
=
fvalue
->
bv_val
[
0
];
for
(
i
=
1
;
i
<
fvalue
->
bv_len
;
i
++
)
{
bv
.
bv_val
[
s
+
2
*
i
-
1
]
=
'%'
;
bv
.
bv_val
[
s
+
2
*
i
]
=
f
->
f_sub_initial
.
bv_val
[
i
];
bv
.
bv_val
[
s
+
2
*
i
]
=
f
value
->
bv_val
[
i
];
}
bv
.
bv_val
[
s
+
2
*
i
-
1
]
=
'%'
;
s
+=
2
*
i
;
if
(
escaped
)
bsi
->
bsi_op
->
o_tmpfree
(
escval
.
bv_val
,
bsi
->
bsi_op
->
o_tmpmemctx
);
}
if
(
f
->
f_sub_any
!=
NULL
)
{
for
(
a
=
0
;
!
BER_BVISNULL
(
&
f
->
f_sub_any
[
a
]
);
a
++
)
{
bv
.
bv_val
[
s
]
=
f
->
f_sub_any
[
a
].
bv_val
[
0
];
for
(
i
=
1
;
i
<
f
->
f_sub_any
[
a
].
bv_len
;
i
++
)
{
fvalue
=
&
f
->
f_sub_any
[
a
];
escaped
=
backsql_val_escape
(
bsi
->
bsi_op
,
fvalue
,
&
escval
);
if
(
escaped
)
fvalue
=
&
escval
;
bv
.
bv_val
[
s
]
=
fvalue
->
bv_val
[
0
];
for
(
i
=
1
;
i
<
fvalue
->
bv_len
;
i
++
)
{
bv
.
bv_val
[
s
+
2
*
i
-
1
]
=
'%'
;
bv
.
bv_val
[
s
+
2
*
i
]
=
f
->
f_sub_any
[
a
].
bv_val
[
i
];
bv
.
bv_val
[
s
+
2
*
i
]
=
f
value
->
bv_val
[
i
];
}
bv
.
bv_val
[
s
+
2
*
i
-
1
]
=
'%'
;
s
+=
2
*
i
;
if
(
escaped
)
bsi
->
bsi_op
->
o_tmpfree
(
escval
.
bv_val
,
bsi
->
bsi_op
->
o_tmpmemctx
);
}
}
if
(
!
BER_BVISNULL
(
&
f
->
f_sub_final
)
)
{
bv
.
bv_val
[
s
]
=
f
->
f_sub_final
.
bv_val
[
0
];
for
(
i
=
1
;
i
<
f
->
f_sub_final
.
bv_len
;
i
++
)
{
fvalue
=
&
f
->
f_sub_final
;
escaped
=
backsql_val_escape
(
bsi
->
bsi_op
,
fvalue
,
&
escval
);
if
(
escaped
)
fvalue
=
&
escval
;
bv
.
bv_val
[
s
]
=
fvalue
->
bv_val
[
0
];
for
(
i
=
1
;
i
<
fvalue
->
bv_len
;
i
++
)
{
bv
.
bv_val
[
s
+
2
*
i
-
1
]
=
'%'
;
bv
.
bv_val
[
s
+
2
*
i
]
=
f
->
f_sub_final
.
bv_val
[
i
];
bv
.
bv_val
[
s
+
2
*
i
]
=
f
value
->
bv_val
[
i
];
}
bv
.
bv_val
[
s
+
2
*
i
-
1
]
=
'%'
;
bv
.
bv_val
[
s
+
2
*
i
-
1
]
=
'%'
;
s
+=
2
*
i
;
if
(
escaped
)
bsi
->
bsi_op
->
o_tmpfree
(
escval
.
bv_val
,
bsi
->
bsi_op
->
o_tmpmemctx
);
}
bv
.
bv_val
[
s
-
1
]
=
'\0'
;
...
...
@@ -561,11 +613,17 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
f
->
f_sub_initial
.
bv_val
);
#endif
/* BACKSQL_TRACE */
fvalue
=
&
f
->
f_sub_initial
;
escaped
=
backsql_val_escape
(
bsi
->
bsi_op
,
fvalue
,
&
escval
);
if
(
escaped
)
fvalue
=
&
escval
;
start
=
bsi
->
bsi_flt_where
.
bb_val
.
bv_len
;
backsql_strfcat_x
(
&
bsi
->
bsi_flt_where
,
bsi
->
bsi_op
->
o_tmpmemctx
,
"b"
,
&
f
->
f_sub_initial
);
fvalue
);
if
(
escaped
)
bsi
->
bsi_op
->
o_tmpfree
(
escval
.
bv_val
,
bsi
->
bsi_op
->
o_tmpmemctx
);
if
(
casefold
&&
BACKSQL_AT_CANUPPERCASE
(
at
)
)
{
ldap_pvt_str2upper
(
&
bsi
->
bsi_flt_where
.
bb_val
.
bv_val
[
start
]
);
}
...
...
@@ -586,12 +644,18 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
i
,
f
->
f_sub_any
[
i
].
bv_val
);
#endif
/* BACKSQL_TRACE */
fvalue
=
&
f
->
f_sub_any
[
i
];
escaped
=
backsql_val_escape
(
bsi
->
bsi_op
,
fvalue
,
&
escval
);
if
(
escaped
)
fvalue
=
&
escval
;
start
=
bsi
->
bsi_flt_where
.
bb_val
.
bv_len
;
backsql_strfcat_x
(
&
bsi
->
bsi_flt_where
,
bsi
->
bsi_op
->
o_tmpmemctx
,
"bc"
,
&
f
->
f_sub_any
[
i
]
,
fvalue
,
'%'
);
if
(
escaped
)
bsi
->
bsi_op
->
o_tmpfree
(
escval
.
bv_val
,
bsi
->
bsi_op
->
o_tmpmemctx
);
if
(
casefold
&&
BACKSQL_AT_CANUPPERCASE
(
at
)
)
{
/*
* Note: toupper('%') = '%'
...
...
@@ -611,11 +675,17 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f,
f
->
f_sub_final
.
bv_val
);
#endif
/* BACKSQL_TRACE */
fvalue
=
&
f
->
f_sub_final
;
escaped
=
backsql_val_escape
(
bsi
->
bsi_op
,
fvalue
,
&
escval
);
if
(
escaped
)
fvalue
=
&
escval
;
start
=
bsi
->
bsi_flt_where
.
bb_val
.
bv_len
;
backsql_strfcat_x
(
&
bsi
->
bsi_flt_where
,
bsi
->
bsi_op
->
o_tmpmemctx
,
"b"
,
&
f
->
f_sub_final
);
fvalue
);
if
(
escaped
)
bsi
->
bsi_op
->
o_tmpfree
(
escval
.
bv_val
,
bsi
->
bsi_op
->
o_tmpmemctx
);
if
(
casefold
&&
BACKSQL_AT_CANUPPERCASE
(
at
)
)
{
ldap_pvt_str2upper
(
&
bsi
->
bsi_flt_where
.
bb_val
.
bv_val
[
start
]
);
}
...
...
@@ -1182,6 +1252,8 @@ backsql_process_filter_attr( backsql_srch_info *bsi, Filter *f, backsql_at_map_r
struct
berval
*
filter_value
=
NULL
;
MatchingRule
*
matching_rule
=
NULL
;
struct
berval
ordering
=
BER_BVC
(
"<="
);
struct
berval
escval
;
int
escaped
=
0
;
Debug
(
LDAP_DEBUG_TRACE
,
"==>backsql_process_filter_attr(%s)
\n
"
,
at
->
bam_ad
->
ad_cname
.
bv_val
);
...
...
@@ -1236,6 +1308,10 @@ equality_match:;
casefold
=
1
;
}
escaped
=
backsql_val_escape
(
bsi
->
bsi_op
,
filter_value
,
&
escval
);
if
(
escaped
)
filter_value
=
&
escval
;
/* FIXME: directoryString filtering should use a similar
* approach to deal with non-prettified values like
* " A non prettified value ", by using a LIKE
...
...
@@ -1316,6 +1392,10 @@ equality_match:;
casefold
=
1
;
}
escaped
=
backsql_val_escape
(
bsi
->
bsi_op
,
filter_value
,
&
escval
);
if
(
escaped
)
filter_value
=
&
escval
;
/*
* FIXME: should we uppercase the operands?
*/
...
...
@@ -1349,7 +1429,7 @@ equality_match:;
&
at
->
bam_sel_expr
,
&
ordering
,
'\''
,
&
f
->
f_av
_value
,
filter
_value
,
(
ber_len_t
)
STRLENOF
(
/* (' */
"')"
),
/* ( */
"')"
);
}
...
...
@@ -1373,13 +1453,17 @@ equality_match:;
case
LDAP_FILTER_APPROX
:
/* we do our best */
filter_value
=
&
f
->
f_av_value
;
escaped
=
backsql_val_escape
(
bsi
->
bsi_op
,
filter_value
,
&
escval
);
if
(
escaped
)
filter_value
=
&
escval
;
/*
* maybe we should check type of at->sel_expr here somehow,
* to know whether upper_func is applicable, but for now
* upper_func stuff is made for Oracle, where UPPER is
* safely applicable to NUMBER etc.
*/
(
void
)
backsql_process_filter_like
(
bsi
,
at
,
1
,
&
f
->
f_av
_value
);
(
void
)
backsql_process_filter_like
(
bsi
,
at
,
1
,
filter
_value
);
break
;
default:
...
...
@@ -1393,6 +1477,9 @@ equality_match:;
}
if
(
escaped
)
bsi
->
bsi_op
->
o_tmpfree
(
escval
.
bv_val
,
bsi
->
bsi_op
->
o_tmpmemctx
);
Debug
(
LDAP_DEBUG_TRACE
,
"<==backsql_process_filter_attr(%s)
\n
"
,
at
->
bam_ad
->
ad_cname
.
bv_val
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
