[SERVER-26068] Components containing escapes truncated when instantiating LDAP queries Created: 12/Sep/16  Updated: 19/Nov/16  Resolved: 15/Sep/16

Status: Closed
Project: Core Server
Component/s: Internal Code, Security
Affects Version/s: None
Fix Version/s: 3.3.14

Type: Bug Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platforms 2016-09-19
Participants:

 Description   

If an LDAP query is constructed using regular expression substitution, and a component containing a backslash is inserted into the query, that component may be truncated.

For example, if query template is "cn={0},dc=mongodb,dc=com" and "jack\,sa" is substituted into the query the resulting query to be performed against the remote server should be "cn=jack\,sa,dc=mongodb,dc=com". We are instead producing "cn=jack,dc=mongodb,dc=com".

This should be fixed, because it's fairly easy to get escaped characters from queries performed during internal username to DN mapping.



 Comments   
Comment by Githook User [ 15/Sep/16 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-26068: Don't truncate LDAP query components containing '\'
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/53c2ef06ca8a8f1d28e5f5f627abfee49584284b

Generated at Thu Feb 08 04:11:03 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.