[Issue 10089] New: regex that does not pass `regtest()` causes the entire process to exit
https://bugs.openldap.org/show_bug.cgi?id=10089
Issue ID: 10089 Summary: regex that does not pass `regtest()` causes the entire process to exit Product: OpenLDAP Version: 2.6.6 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: gburd@symas.com Target Milestone: ---
There are 6 locations in `aclparse.c` in the function `parse_acl()` that call `regtest()` validating a regex expression before its use. Currently, when `regtest()` finds an issue it calls `exit()` and the process must be restarted. It seems that a better approach would be to allow the failures to be processed by the caller where the severity might be better understood. In some (most?) cases it's likely just fine for the process to continue after some information about the issue is logged and resources are released properly.
https://git.openldap.org/openldap/openldap/-/blob/master/servers/slapd/aclpa...
https://bugs.openldap.org/show_bug.cgi?id=10089
--- Comment #1 from Greg Burd gburd@symas.com --- Proposed fix in: https://git.openldap.org/openldap/openldap/-/merge_requests/644
https://bugs.openldap.org/show_bug.cgi?id=10089
--- Comment #2 from Greg Burd gburd@symas.com --- Added two commits from !508 by @hyc to this MR as suggested for some long overdue cleanup.
https://bugs.openldap.org/show_bug.cgi?id=10089
Greg Burd gburd@symas.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED
https://bugs.openldap.org/show_bug.cgi?id=10089
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |--- Status|RESOLVED |UNCONFIRMED
https://bugs.openldap.org/show_bug.cgi?id=10089
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS Target Milestone|--- |2.5.17
https://bugs.openldap.org/show_bug.cgi?id=10089
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org --- • 7a4812d2 by Greg Burd at 2023-08-08T11:08:22-04:00 Allow caller to determine if the process should exit or not when the regex is found to be problematic.
• 9142da8e by Howard Chu at 2023-08-08T14:18:21-04:00 Use ConfigArgs in slapi config parsing
• 2086008a by Howard Chu at 2023-08-08T14:18:33-04:00 Use ConfigArgs in ACL parsing
For better error propagation back to config clients, also remove unconditional use of stderr.
parse_acl() was only partially converted, the rest remains to be done.
• ba90df4d by Greg Burd at 2023-08-10T15:29:47-04:00 convert Debug to use config args
https://bugs.openldap.org/show_bug.cgi?id=10089
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@openldap.org |hyc@openldap.org
https://bugs.openldap.org/show_bug.cgi?id=10089
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED
--- Comment #4 from Quanah Gibson-Mount quanah@openldap.org --- RE26:
• 56438b06 by Greg Burd at 2023-10-23T19:10:33+00:00 ITS#10089 - Allow caller to determine if the process should exit or not when the regex is found to be problematic.
• 05da840a by Howard Chu at 2023-10-23T19:10:53+00:00 ITS#10089 - Use ConfigArgs in slapi config parsing
• b939195a by Howard Chu at 2023-10-23T19:11:07+00:00 ITS#10089 - Use ConfigArgs in ACL parsing
• 160d272b by Greg Burd at 2023-10-23T19:11:20+00:00 ITS#10089 - convert Debug to use config args
RE25:
• 760406ee by Greg Burd at 2023-10-23T19:12:47+00:00 ITS#10089 - Allow caller to determine if the process should exit or not when the regex is found to be problematic.
• b857c538 by Howard Chu at 2023-10-23T19:12:56+00:00 ITS#10089 - Use ConfigArgs in slapi config parsing
• f58a44f6 by Howard Chu at 2023-10-23T19:13:05+00:00 ITS#10089 - Use ConfigArgs in ACL parsing
• 7b693aad by Greg Burd at 2023-10-23T19:13:15+00:00 ITS#10089 - convert Debug to use config args
https://bugs.openldap.org/show_bug.cgi?id=10089
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org --- head:
• 543230c9 by Ondřej Kuzník at 2023-11-02T14:02:15+00:00 ITS#10089 Fix acl logging
https://bugs.openldap.org/show_bug.cgi?id=10089
--- Comment #6 from Quanah Gibson-Mount quanah@openldap.org --- RE26:
• c1307e56 by Ondřej Kuzník at 2024-01-11T22:04:00+00:00 ITS#10089 Fix acl logging
RE25:
• f0a2a42a by Ondřej Kuzník at 2024-01-11T22:04:05+00:00 ITS#10089 Fix acl logging
https://bugs.openldap.org/show_bug.cgi?id=10089
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
-
openldap-its@openldap.org