-
Bug
-
Resolution: Fixed
-
P4
-
1.4.2
-
b30
-
generic
-
generic
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2221928 | 7u6 | Weijun Wang | P4 | Closed | Fixed | b03 |
SYNOPSIS
--------
Double byte characters corrupted in DN for LDAP referrals
OPERATING SYSTEM
----------------
All
FULL JDK VERSION
----------------
All
DESCRIPTION
-----------
If the DN component of an LDAP URL contains double byte characters, it is corrupted by com.sun.jndi.toolkit.url.UrlUtil.decode(). This corruption leads to application level failures.
Consider the following scenario:
1. Application connects to an LDAP server and searches for the string
uid=???,??? (where ??? are double byte characters)
2. JNDI code receives a referral, for example:
ldap://www.test.com/uid=???,???,ou=people,ou=test,ou=test,o=test
3. The referral is then parsed to split the hostname, port number and
the DN element of the URI via
com.sun.jndi.ldap.LdapURL.parsePathAndQuery()
4. The DN element is decoded using
com.sun.jndi.toolkit.url.UrlUtil.decode()
5. This method expects the characters to be ASCII. If the characters
are non-ASCII, as in our example, then those characters are not
converted properly.
6. This corrupted DN is then passed to the LDAP server, resulting in an
unexpected failure.
TESTCASE
--------
This testcase does not represent normal application code. It highlights the problem by calling into com.sun.* internal classes directly. This allows the problem to be demonstrated without setting up an LDAP server.
import java.net.URI;
import java.net.URLDecoder;
import com.sun.jndi.ldap.LdapURL;
public class LdapURLTest {
public static void main (String args[]) throws Exception {
String testString = ("ldap://www.test.com/uid=\u3070\u3073\u3076,\u3079\u307C\u307E,ou=test,ou=test,ou=test,o=test");
LdapURL ldURL = new LdapURL(testString);
System.out.println(" LDAP URL String: " + testString);
System.out.println(" decoded DN: " + ldURL.getDN());
// suggested fix demonstration
String DN;
String path = new URI(testString).getPath();
DN = path.startsWith("/") ? path.substring(1) : path;
String proposedDN = URLDecoder.decode(DN, "UTF8");
System.out.println("\nDN from proposed fix: " + proposedDN);
}
}
SUGGESTED FIX
-------------
Use java.net.URLDecoder rather than com.sun.jndi.toolkit.url.UrlUtil to conduct the URL decoding in parsePathAndQuery().
Specifically, change the line that decodes the DN element in com.sun.jndi.ldap.LdapURL.parsePathAndQuery() from:
DN = path.startsWith("/") ? path.substring(1) : path;
if (DN.length() > 0) {
--> DN = UrlUtil.decode(DN, "UTF8"); <--
}
to:
DN = path.startsWith("/") ? path.substring(1) : path;
if (DN.length() > 0) {
--> DN = URLDecoder.decode(DN, "UTF8"); <--
}
--------
Double byte characters corrupted in DN for LDAP referrals
OPERATING SYSTEM
----------------
All
FULL JDK VERSION
----------------
All
DESCRIPTION
-----------
If the DN component of an LDAP URL contains double byte characters, it is corrupted by com.sun.jndi.toolkit.url.UrlUtil.decode(). This corruption leads to application level failures.
Consider the following scenario:
1. Application connects to an LDAP server and searches for the string
uid=???,??? (where ??? are double byte characters)
2. JNDI code receives a referral, for example:
ldap://www.test.com/uid=???,???,ou=people,ou=test,ou=test,o=test
3. The referral is then parsed to split the hostname, port number and
the DN element of the URI via
com.sun.jndi.ldap.LdapURL.parsePathAndQuery()
4. The DN element is decoded using
com.sun.jndi.toolkit.url.UrlUtil.decode()
5. This method expects the characters to be ASCII. If the characters
are non-ASCII, as in our example, then those characters are not
converted properly.
6. This corrupted DN is then passed to the LDAP server, resulting in an
unexpected failure.
TESTCASE
--------
This testcase does not represent normal application code. It highlights the problem by calling into com.sun.* internal classes directly. This allows the problem to be demonstrated without setting up an LDAP server.
import java.net.URI;
import java.net.URLDecoder;
import com.sun.jndi.ldap.LdapURL;
public class LdapURLTest {
public static void main (String args[]) throws Exception {
String testString = ("ldap://www.test.com/uid=\u3070\u3073\u3076,\u3079\u307C\u307E,ou=test,ou=test,ou=test,o=test");
LdapURL ldURL = new LdapURL(testString);
System.out.println(" LDAP URL String: " + testString);
System.out.println(" decoded DN: " + ldURL.getDN());
// suggested fix demonstration
String DN;
String path = new URI(testString).getPath();
DN = path.startsWith("/") ? path.substring(1) : path;
String proposedDN = URLDecoder.decode(DN, "UTF8");
System.out.println("\nDN from proposed fix: " + proposedDN);
}
}
SUGGESTED FIX
-------------
Use java.net.URLDecoder rather than com.sun.jndi.toolkit.url.UrlUtil to conduct the URL decoding in parsePathAndQuery().
Specifically, change the line that decodes the DN element in com.sun.jndi.ldap.LdapURL.parsePathAndQuery() from:
DN = path.startsWith("/") ? path.substring(1) : path;
if (DN.length() > 0) {
--> DN = UrlUtil.decode(DN, "UTF8"); <--
}
to:
DN = path.startsWith("/") ? path.substring(1) : path;
if (DN.length() > 0) {
--> DN = URLDecoder.decode(DN, "UTF8"); <--
}
- backported by
-
JDK-2221928 Double byte characters corrupted in DN for LDAP referrals
-
- Closed
-