Bug ID: JDK-6916202 More cases of invalid ldap filters accepted and processed

JDK-6916202 : More cases of invalid ldap filters accepted and processed

Type: Bug
Component: core-libs
Sub-Component: javax.naming
Affected Version: 6u17-rev

Priority: P3
Status: Resolved
Resolution: Fixed
OS: generic
CPU: generic

Submitted: 2010-01-12
Updated: 2017-05-16
Resolved: 2010-03-17

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 6	JDK 7
6u21Fixed	7 b86Fixed

Related Reports

Relates :	JDK-6979376 - to have ldap filters tolerate underscore character in object identifier
Relates :	JDK-6979700 - tighten the attribute sytax check for JNDI/LDAPFrom the reporter
Relates :	JDK-6449574 - Invalid ldap filter is accepted and processed
Relates :	JDK-6972409 - Cease emitting LDAP filter debug messages

Description

Ldap filters indentified as invalid by RFC: http://tools.ietf.org/html/rfc4515 are accepted and processd. The JDK ldap code should throw an exception when such invalid filters are encountered, instead of processing and passing the ldap request to the LDAP servers which always throw an exception. Following are examples of invalid filters:

1. "((objectClass=*)&(uid=*))"
2. &(objectClass=*)(uid=*)
3. ((objectCategory=person)(objectClass=user)(!(cn=user1*)))
4. ((&(objectClass=user)(cn=andy*)(cn=steve*)(cn=margaret*)))

Comments

EVALUATION Need to check the validity of LDAP search filter strictly.

10-02-2010