X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Ffilter.c;h=3ad77c4fdb8799d7bcfb479674cf1f0eb99e8b14;hb=3d39ff68a94e4455074707d763138f01aaa1c5b1;hp=ed0474ac757fbba68935bc97c53dfa6b470152f3;hpb=5368501f35f55f17c2e82d24f86d9a21b6bf8efd;p=openldap

diff --git a/libraries/libldap/filter.c b/libraries/libldap/filter.c
index ed0474ac75..3ad77c4fdb 100644
--- a/libraries/libldap/filter.c
+++ b/libraries/libldap/filter.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -16,9 +16,6 @@
 /* Portions Copyright (c) 1990 Regents of the University of Michigan.
  * All rights reserved.
  */
-/* Portions Copyright (C) The Internet Society (1997).
- * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
- */
 
 #include "portable.h"
 
@@ -334,36 +331,36 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
 	int	parens, balance, escape;
 
 	/*
-	 * A Filter looks like this:
-	 *      Filter ::= CHOICE {
-	 *              and             [0]     SET OF Filter,
-	 *              or              [1]     SET OF Filter,
-	 *              not             [2]     Filter,
-	 *              equalityMatch   [3]     AttributeValueAssertion,
-	 *              substrings      [4]     SubstringFilter,
-	 *              greaterOrEqual  [5]     AttributeValueAssertion,
-	 *              lessOrEqual     [6]     AttributeValueAssertion,
-	 *              present         [7]     AttributeType,
-	 *              approxMatch     [8]     AttributeValueAssertion,
-	 *		extensibleMatch [9]	MatchingRuleAssertion -- LDAPv3
-	 *      }
+	 * A Filter looks like this (RFC 4511 as extended by RFC 4526):
+	 *     Filter ::= CHOICE {
+	 *         and             [0]     SET SIZE (0..MAX) OF filter Filter,
+	 *         or              [1]     SET SIZE (0..MAX) OF filter Filter,
+	 *         not             [2]     Filter,
+	 *         equalityMatch   [3]     AttributeValueAssertion,
+	 *         substrings      [4]     SubstringFilter,
+	 *         greaterOrEqual  [5]     AttributeValueAssertion,
+	 *         lessOrEqual     [6]     AttributeValueAssertion,
+	 *         present         [7]     AttributeDescription,
+	 *         approxMatch     [8]     AttributeValueAssertion,
+	 *         extensibleMatch [9]     MatchingRuleAssertion,
+	 *         ... }
 	 *
-	 *      SubstringFilter ::= SEQUENCE {
-	 *              type               AttributeType,
-	 *              SEQUENCE OF CHOICE {
-	 *                      initial          [0] IA5String,
-	 *                      any              [1] IA5String,
-	 *                      final            [2] IA5String
-	 *              }
-	 *      }
+	 *     SubstringFilter ::= SEQUENCE {
+	 *         type         AttributeDescription,
+	 *         substrings   SEQUENCE SIZE (1..MAX) OF substring CHOICE {
+	 *             initial          [0] AssertionValue, -- only once
+	 *             any              [1] AssertionValue,
+	 *             final            [2] AssertionValue  -- only once
+	 *             }
+	 *         }
 	 *
-	 *	MatchingRuleAssertion ::= SEQUENCE {	-- LDAPv3
-	 *		matchingRule    [1] MatchingRuleId OPTIONAL,
-	 *		type            [2] AttributeDescription OPTIONAL,
-	 *		matchValue      [3] AssertionValue,
-	 *		dnAttributes    [4] BOOLEAN DEFAULT FALSE }
+	 *	   MatchingRuleAssertion ::= SEQUENCE {
+	 *         matchingRule    [1] MatchingRuleId OPTIONAL,
+	 *         type            [2] AttributeDescription OPTIONAL,
+	 *         matchValue      [3] AssertionValue,
+	 *         dnAttributes    [4] BOOLEAN DEFAULT FALSE }
 	 *
-	 * Note: tags in a choice are always explicit
+	 * Note: tags in a CHOICE are always explicit
 	 */
 
 	Debug( LDAP_DEBUG_TRACE, "put_filter: \"%s\"\n", str_in, 0, 0 );
@@ -425,6 +422,10 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
 				parens--;
 				break;
 
+			case '(':
+				rc = -1;
+				goto done;
+
 			default:
 				Debug( LDAP_DEBUG_TRACE, "put_filter: simple\n",
 				    0, 0, 0 );
@@ -497,9 +498,11 @@ ldap_pvt_put_filter( BerElement *ber, const char *str_in )
 			str = next;
 			break;
 		}
+		if ( !parens )
+			break;
 	}
 
-	rc = parens ? -1 : 0;
+	rc = ( parens || *str ) ? -1 : 0;
 
 done:
 	LDAP_FREE( freeme );
@@ -586,7 +589,7 @@ put_simple_filter(
 		break;
 
 	case ':':
-		/* RFC2254 extensible filters are off the form:
+		/* RFC 4515 extensible filters are off the form:
 		 *		type [:dn] [:rule] := value
 		 * or	[:dn]:rule := value		
 		 */
@@ -748,10 +751,12 @@ put_substring_filter( BerElement *ber, char *type, char *val )
 			}
 		}
 
-		if ( *val != '\0' || ftype == LDAP_SUBSTRING_ANY ) {
+		if ( *val == '\0' ) {
+			return -1;
+		} else {
 			ber_slen_t len = ldap_pvt_filter_value_unescape( val );
 
-			if ( len < 0  ) {
+			if ( len <= 0  ) {
 				return -1;
 			}
 
@@ -804,6 +809,8 @@ put_vrFilter( BerElement *ber, const char *str_in )
 	 *		matchingRule    [1] MatchingRuleId OPTIONAL,
 	 *		type            [2] AttributeDescription OPTIONAL,
 	 *		matchValue      [3] AssertionValue }
+	 *
+	 * (Source: RFC 3876)
 	 */
 
 	Debug( LDAP_DEBUG_TRACE, "put_vrFilter: \"%s\"\n", str_in, 0, 0 );