Package: libapache2-mod-vhost-ldap
Version: 2.0.6-1
Tags: patch
Severity: serious

The commit “Fix wildcard search” [1] in mod_vhost_ldap 2.0.6 is incorrect, and actually breaks wildcard searches. The code was correct originally [2], and has been in production use on servers at MIT for two years. But now it looks for records that literally have ‘\*’ in the hostname instead of ‘*’, and of course it doesn’t find one.

(Are you sure you haven’t been accidentally testing with records that have literal backslashes in the hostname, e.g. ‘\*.example.com’? Or perhaps someone was trying out the patch for wildcard hostnames without my prior patch that properly escapes LDAP queries [3]?)

I verified the regression from 2.0.5 on a real server, and successfully tested the patch below on top of 2.0.6.

The patch is also available in my Git repository git://andersk.mit.edu/mod-vhost-ldap.git in the branch “wildcard”. This branch also has a spelling fix for the example configuration file.

[1] http://git.debian.org/?p=users/ondrej/mod-vhost-ldap.git;a=commitdiff;h=a6842df
[2] http://bugs.debian.org/470093
    http://git.debian.org/?p=users/ondrej/mod-vhost-ldap.git;a=commitdiff;h=a529b3b
[3] http://bugs.debian.org/469930
    http://git.debian.org/?p=users/ondrej/mod-vhost-ldap.git;a=commitdiff;h=303e7b4

-- 8< --
From 188f008c3b074a8352e814024a13b1710427893a Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <ande...@mit.edu>
Date: Sat, 19 Mar 2011 03:52:56 -0400
Subject: [PATCH] Revert incorrect “fix” of wildcard search

It is wrong to add extra backslashes before *, because escaping is already done by ldap_bv2escaped_filter_value. The extra backslash made lookups fail.

This partially reverts commit fb5409ad77a245ed0ae746d198b394b580b4de3e.

Signed-off-by: Anders Kaseorg <ande...@mit.edu>
---
mod_vhost_ldap.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/mod_vhost_ldap.c b/mod_vhost_ldap.c index 24b74b9..b6bee2a 100644 --- a/mod_vhost_ldap.c +++ b/mod_vhost_ldap.c
@@ -538,11 +538,11 @@ fallback: if (result == LDAP_NO_SUCH_OBJECT) { if (conf->wildcard == MVL_ENABLED) { - if (strcmp(hostname, "\\*") != 0) { - if (strncmp(hostname, "\\*.", 3) == 0) - hostname += 3; + if (strcmp(hostname, "*") != 0) { + if (strncmp(hostname, "*.", 2) == 0) + hostname += 2; hostname += strcspn(hostname, "."); - hostname = apr_pstrcat(r->pool, "\\*", hostname, NULL); + hostname = apr_pstrcat(r->pool, "*", hostname, NULL); ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r, "[mod_vhost_ldap.c] translate: " "virtual host not found, trying wildcard %s", -- 1.7.4.1
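
Review bot: nothing at the strcmp(hostname, "*") / strncmp(hostname, "*.", 2) checks says that hostname is still the raw, unescaped value here, which is the assumption the commit message depends on ("escaping is already done by ldap_bv2escaped_filter_value") and the one the reverted change got wrong. Please add a short comment above the strcmp stating that the wildcard name is built unescaped and is escaped once, later, by ldap_bv2escaped_filter_value, so that the backslashes are not reintroduced by a future "fix". A smaller point on the same lines: the 2 in "hostname += 2" has to track the length of the "*." literal by hand, just as the old 3 tracked "\\*."; taking both from one named prefix constant would keep them in step.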
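
The double escaping described in the report above, as an added example that is not part of the original message or of mod_vhost_ldap. filter_escape is a hypothetical stand-in for the RFC 4515 value escaping that the commit message attributes to ldap_bv2escaped_filter_value, and wildcard_step and wildcard_filter_value are illustrative names for one pass of the fallback shown in the hunk.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4515 value escaping: '*', '(', ')' and '\' become \XX hex pairs.
 * Hypothetical stand-in for the escaping step the report attributes to
 * ldap_bv2escaped_filter_value; not the OpenLDAP implementation. */
static int filter_escape(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *in; in++) {
        if (strchr("*()\\", *in)) {
            if (o + 4 > outlen) return -1;      /* 3 chars + NUL */
            o += (size_t)snprintf(out + o, outlen - o, "\\%02X",
                                  (unsigned char)*in);
        } else {
            if (o + 2 > outlen) return -1;      /* 1 char + NUL */
            out[o++] = *in;
        }
    }
    out[o] = '\0';
    return 0;
}

/* One fallback pass as in the hunk: skip an existing "<star>." prefix,
 * drop the leftmost label, prepend <star>. star is "*" (patched code)
 * or "\\*" (the 2.0.6 code being reverted). */
static void wildcard_step(const char *host, const char *star,
                          char *out, size_t outlen)
{
    size_t n = strlen(star);
    if (strncmp(host, star, n) == 0 && host[n] == '.')
        host += n + 1;
    host += strcspn(host, ".");
    snprintf(out, outlen, "%s%s", star, host);
}

/* Value that ends up inside the search filter after the single escape. */
static const char *wildcard_filter_value(const char *host, const char *star)
{
    static char name[256], esc[768];
    wildcard_step(host, star, name, sizeof name);
    return filter_escape(name, esc, sizeof esc) == 0 ? esc : NULL;
}

int main(void)
{
    const char *host = "www.example.com";   /* constructed sample host */
    printf("patched: %s\n", wildcard_filter_value(host, "*"));
    printf("2.0.6:   %s\n", wildcard_filter_value(host, "\\*"));
    return 0;
}
```

The patched value matches a directory entry stored as "*.example.com"; the 2.0.6 value carries an escaped backslash as well, so it can only match an entry stored with a literal backslash in front of the star.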