(ITS#6261) Misparsing when commas present in LDAP URL DNs - openldap-bugs

18 Aug 2009


      Full_Name: John Morrissey
Version: RE24
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (66.133.190.110)
libldap's ldap_url_parselist_int() splits URLs on spaces (" ") and commas
(",") when parsing them. Commas in LDAP URLs do not need to be
percent-encoded (in fact, section 4 of RFC 4516 has a number of examples
with non-encoded commas).
This causes failure in situations like passing a full URL to
ldap_initialize():
ldap_initialize("ldap://localhost/dc=example,dc=com");
Breakpoint 1, ldap_url_parselist_int (ludlist=0x7fff99b56470,
    url=0x400d10 "ldap://localhost:390/dc=example,dc=com", sep=0x0,
    flags=3) at url.c:1284
[...]
1293            urls = ldap_str2charray( url, sep );
(gdb)
1294            if (urls == NULL)
(gdb) print urls[0]
$1 = 0xb69280 "ldap://localhost:390/dc=example"
(gdb) print urls[1]
$2 = 0xb691b0 "dc=com"
ldap_url_parselist_int calls ldap_url_parse_ext() on urls[1], which returns
LDAP_URL_ERR_BADSCHEME. This makes its way back to ldap_initialize()'s
caller as LDAP_PARAM_ERROR.
The client tools accept comma-separated lists of URLs passed to -H. It seems
better to modify ldap_url_parselist{,_int}() to split on spaces and use
ldap_url_parselist_ext() to override this behavior where necessary for
backwards compatibility (such as in client tools).
Perhaps this is a documentation bug. In that case, ldap_open(3) should
mention this behavior, especially since it conflicts with RFC 4516.
...
From RFC 4516:
--
2.1.  Percent-Encoding
A generated LDAP URL MUST consist only of the restricted set of
   characters included in one of the following three productions defined
   in [RFC3986]:
<reserved>
         <unreserved>
         <pct-encoded>
Implementations SHOULD accept other valid UTF-8 strings [RFC3629] as
   input.  An octet MUST be encoded using the percent-encoding mechanism
   described in section 2.1 of [RFC3986] in any of these situations:
The octet is not in the reserved set defined in section 2.2 of
      [RFC3986] or in the unreserved set defined in section 2.3 of
      [RFC3986].
It is the single Reserved character '?' and occurs inside a <dn>,
      <filter>, or other element of an LDAP URL.
It is a comma character ',' that occurs inside an <exvalue>.
Note that before the percent-encoding mechanism is applied, the
   extensions component of the LDAP URL may contain one or more null
   (zero) bytes.  No other component may.
--
And from RFC 2986:
--
2.2.  Reserved Characters
[...]
      reserved    = gen-delims / sub-delims
gen-delims  = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims  = "!" / "$" / "&" / "'" / "(" / ")"
                  / "*" / "+" / "," / ";" / "=" 
--