Bug ID: JDK-6916202 More cases of invalid ldap filters accepted and processed

Details
Type: Bug
Submit Date: 2010-01-12
Status: Resolved
Updated Date: 2010-09-29
Project Name: JDK
Resolved Date: 2010-03-17
Component: core-libs
OS: generic
Sub-Component: javax.naming
CPU: generic
Priority: P3
Resolution: Fixed
Affected Versions: 6u17-rev
Fixed Versions:

Related Reports
Backport:
Relates:
Relates:
Relates:
Relates:

Sub Tasks

Description
LDAP filters identified as invalid by RFC: http://tools.ietf.org/html/rfc4515 are accepted and processed. The JDK LDAP code should throw an exception when such invalid filters are encountered, instead of processing and passing the LDAP request to the LDAP servers, which always throw an exception. Following are examples of invalid filters:

1. "((objectClass=*)&(uid=*))"
2. &(objectClass=*)(uid=*)
3. ((objectCategory=person)(objectClass=user)(!(cn=user1*)))
4. ((&(objectClass=user)(cn=andy*)(cn=steve*)(cn=margaret*)))

                                    

Comments
EVALUATION

Need to check the validity of LDAP search filter strictly.
                                     
2010-02-10
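The strict check called for above can be sketched as a small recursive-descent validator for the RFC 4515 rule filter = "(" filtercomp ")". This is an added example, not the JDK fix or any JDK code: the class StrictFilterCheck and its validate method are hypothetical names, the item check is deliberately simplified (non-empty attribute part, "=", value without raw parentheses), and the first entry of the sample array is a constructed valid filter for contrast with the four invalid ones from the description.

```java
import javax.naming.directory.InvalidSearchFilterException;

// Added example (not JDK code): strict structural check of an RFC 4515 filter string.
public class StrictFilterCheck {
    private final String s;
    private int pos;
    private StrictFilterCheck(String s) { this.s = s; }
    /** Accepts only one complete filter of the form "(" filtercomp ")". */
    public static void validate(String f) throws InvalidSearchFilterException {
        StrictFilterCheck p = new StrictFilterCheck(f);
        p.filter();
        if (p.pos != f.length()) throw p.err("trailing characters");
    }
    private void filter() throws InvalidSearchFilterException {
        expect('(');
        char c = peek();
        if (c == '&' || c == '|') {          // and / or: one or more nested filters
            pos++;
            do { filter(); } while (peek() == '(');
        } else if (c == '!') {               // not: exactly one nested filter
            pos++;
            filter();
        } else { item(); }                   // anything else must be a single item
        expect(')');
    }
    // Simplified item check: non-empty attribute part, '=', value without raw parentheses.
    private void item() throws InvalidSearchFilterException {
        int start = pos;
        while (pos < s.length() && "=()".indexOf(s.charAt(pos)) < 0) pos++;
        if (pos == start || peek() != '=') throw err("expected attribute and '='");
        while (pos < s.length() && "()".indexOf(s.charAt(pos)) < 0) pos++;
    }
    private char peek() { return pos < s.length() ? s.charAt(pos) : '\0'; }
    private void expect(char c) throws InvalidSearchFilterException {
        if (peek() != c) throw err("expected '" + c + "'");
        pos++;
    }
    private InvalidSearchFilterException err(String m) {
        return new InvalidSearchFilterException(m + " at index " + pos + ": " + s);
    }
    public static void main(String[] args) {
        String[] filters = { "(&(objectClass=*)(uid=*))", "((objectClass=*)&(uid=*))",
            "&(objectClass=*)(uid=*)", "((objectCategory=person)(objectClass=user)(!(cn=user1*)))",
            "((&(objectClass=user)(cn=andy*)(cn=steve*)(cn=margaret*)))" };
        for (String f : filters) {
            try { validate(f); System.out.println("accepted: " + f); }
            catch (InvalidSearchFilterException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

Running main accepts only the first filter; each of the four filters from the description is rejected before any request would reach a server.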


