JDK-6449574 : Invalid ldap filter is accepted and processed
  • Type: Bug
  • Component: core-libs
  • Sub-Component: javax.naming
  • Affected Version: 5.0
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: sparc
  • Submitted: 2006-07-17
  • Updated: 2010-11-30
  • Resolved: 2010-11-30
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other JDK 6 JDK 7
5.0u22-revFixed 6u17-revFixed 7 b68Fixed
Related Reports
Relates :  
Description
OPERATING SYSTEM(S):
Win32, Windows XP                                    

FULL JDK VERSION(S):
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode)

DESCRIPTION:
An invalid ldap search filter is passed to JNDI, which is processed successfully and passed to ldap server to get the results. 
The following is the search filter that is passed.                                 
(&(cn=Robert Dean)))                                                    
This filter is syntactically invalid.                                                                        
             
Run the jndi ldap program passing ldap server ip address as command line argument and it gives an error.
  
The following JNDI program which has same search filter, passes successfully without any error.

 //JNDI program                                                          
import java.util.Properties;                                            
import javax.naming.*;                                                  
import javax.naming.directory.*;                                        
import java.util.Enumeration;                                           
                                                                        
public class ldapSearch {                                               
  Properties env;                                                       
  DirContext ctx;                                                       
                                                                        
  ldapSearch(String URLaddress)                                         
    throws SecurityException,NamingException {                          
    Properties env = new Properties();                                  
    env.setProperty(Context.INITIAL_CONTEXT_FACTORY,                    
"com.sun.jndi.ldap.LdapCtxFactory");                                    
    env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");         
    env.setProperty(Context.PROVIDER_URL, "ldap://"+URLaddress+":389"); 
    env.setProperty(Context.SECURITY_PRINCIPAL,"cn=root");              
    env.setProperty(Context.SECURITY_CREDENTIALS,"root");               
                                                                        
    ctx = new InitialDirContext(env);                                   
                                                                        
  }                                                                     
                                                                        
  public NamingEnumeration                                              
    search(String from, String filter)                                  
     throws NamingException {                                           
    SearchControls constr = new SearchControls();                       
    // let is search whole subtree                                      
    constr.setSearchScope(                                              
      SearchControls.SUBTREE_SCOPE);                                    
    return(ctx.search(from, filter, constr));                           
  }                                                                     
                                                                        
  public void printResults(NamingEnumeration res)                       
    throws Exception {                                                  
    while (res != null && res.hasMore()) {                              
//   Thread.sleep(3000);                                                
      SearchResult si = (SearchResult)res.next();                       
      System.out.println("\nname: " + si.getName());                    
      Attributes attrs = si.getAttributes();                            
      if (attrs == null) {                                              
        System.out.println("No attributes");                            
      }                                                                 
      else {                                                            
        for (NamingEnumeration ae = attrs.getAll();                     
               ae.hasMoreElements();) {                                 
          Attribute attr = (Attribute)ae.next();                        
          String attrId = attr.getID();                                 
          for (Enumeration vals = attr.getAll();                        
            vals.hasMoreElements();                                     
            System.out.println(attrId+": "+                             
              vals.nextElement()));                                     
        }                                                               
      }                                                                 
    }                                                                   
  }                                                                     
                                                                        
  public static void main(String[] args) {                              
     String s1=args[0];                                                 
                                                                        
    try {                                                               
      ldapSearch mySearch = new ldapSearch(s1);                         
      System.out.println(" ");                                          
      System.out.println("searching.....");                             
      System.out.println("");                                           
   mySearch.printResults(mySearch.search("o=ibm,c=us","(&(cn=Robert     
Dean)))"));                                                             
                                                                        
    } catch (Exception e) {                                             
        System.err.println("ldapSearch failed.");                       
        e.printStackTrace();                                            
    }                                                                   
  }                                                                     
}                

FURTHER INFORMATION:
If 1 additional parenthesis is added to the search filter as 
"(&(cn=test1))))"
then it gives error in the case of the JNDI program also.

I tried to search using the same filter against TDS using TDS command line utility ldapsearch.

Ldapsearch -h <server_ip> -D cn=root -w password -s sub -b o=ibm,c=us "(&(cn=test1)))"

It gave the bad search filter error.

So using the ldap search utility it gives the error for wrong syntax whereas with JNDI program it passes succesfully.                                     

The same behaviour is seen in 1.4.2, 5.0 and 6.0.

Comments
SUGGESTED FIX Scan the string filter to confirm that its parenthesis are balanced.
05-09-2007

EVALUATION The LDAP string filter parser in the com.sun.jndi.ldap.Filter class fails to detect a particular class of invalid filter. It accepts string filters with a superfluous trailing character or a superfluous closing parenthesis. Although the effect is relatively benign - we accept a filter that we should reject - it is indeed a bug.
05-09-2007