https://bugs.openldap.org/show_bug.cgi?id=9446
Issue ID: 9446 Summary: back_passwd: invalid parsing of gecos field Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: grapvar@gmail.com Target Milestone: ---
Created attachment 788 --> https://bugs.openldap.org/attachment.cgi?id=788&action=edit fix
Parsing gecos(comment) field of /etc/passwd in servers/slapd/back-passwd/search.c`pw2entry() has issues. I expands '&':
1) anywhere in in gecos, but the expansion must be limited by user's full name. 2) only 1st '&', but all `&'s in full name must be expanded
(nice explanation: https://unix.stackexchange.com/questions/535189/ampersand-in-the-passwd-geco...)
fix attached. It expands each `&', left to right, until expanded user's full name fits into internal { char buf[1024]; }
https://bugs.openldap.org/show_bug.cgi?id=9446
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|slapd |backends
https://bugs.openldap.org/show_bug.cgi?id=9446
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |has_patch
https://bugs.openldap.org/show_bug.cgi?id=9446
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.3 Assignee|bugs@openldap.org |quanah@openldap.org
https://bugs.openldap.org/show_bug.cgi?id=9446
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org --- You need to provide an IPR as documented at https://www.openldap.org/devel/contributing.html#notice for this to be considered.
https://bugs.openldap.org/show_bug.cgi?id=9446
--- Comment #2 from Konstantin Andreev grapvar@gmail.com --- Oh, certainly. 1. The file «pwd_search_git.patch», attached on 2021-01-31 16:19 UTC, is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the patch were developed by Konstantin Andreev grapvar@gmail.com. I have not assigned rights and/or interest in this work to any party. 2. I, Konstantin Andreev, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
https://bugs.openldap.org/show_bug.cgi?id=9446
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org --- I'd note that if you sign up for an account on https://git.openldap.org, you could submit your patches as merge requests directly, rather than doing them via patches in bugzilla.
https://bugs.openldap.org/show_bug.cgi?id=9446
--- Comment #4 from Konstantin Andreev grapvar@gmail.com --- Ok, thank you for advice, it sounds reasonable.
https://bugs.openldap.org/show_bug.cgi?id=9446
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Keywords|has_patch | Status|UNCONFIRMED |IN_PROGRESS
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org --- https://git.openldap.org/openldap/openldap/-/merge_requests/270
https://bugs.openldap.org/show_bug.cgi?id=9446
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED
--- Comment #6 from Quanah Gibson-Mount quanah@openldap.org ---
Commits: • f2481c8d by Konstantin Andreev at 2021-03-04T19:05:23+00:00 ITS#9446 - Correctly parse gecos field
https://bugs.openldap.org/show_bug.cgi?id=9446
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
-
openldap-its@openldap.org