diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c index 0ef27746a2..6ebd46ba96 100644 --- a/servers/slapd/overlays/constraint.c +++ b/servers/slapd/overlays/constraint.c @@ -657,7 +657,7 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op ) int found = 0; int rc; size_t len; - struct berval filterstr; + struct berval filterstr, escaped; char *ptr; cb.sc_response = constraint_uri_cb; @@ -701,11 +701,13 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op ) c->filter.bv_len + STRLENOF(")(|"); + filter_escape_value_x( bv, &escaped, op->o_tmpmemctx ); + for (i = 0; c->attrs[i]; i++) { len += STRLENOF("(") + c->attrs[i]->ad_cname.bv_len + STRLENOF("=") + - bv->bv_len + + escaped.bv_len + STRLENOF(")"); } @@ -719,7 +721,7 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op ) *ptr++ = '('; ptr = lutil_strcopy( ptr, c->attrs[i]->ad_cname.bv_val ); *ptr++ = '='; - ptr = lutil_strcopy( ptr, bv->bv_val ); + ptr = lutil_strcopy( ptr, escaped.bv_val ); *ptr++ = ')'; } *ptr++ = ')'; @@ -748,6 +750,7 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op ) rc, found ); } op->o_tmpfree(filterstr.bv_val, op->o_tmpmemctx); + op->o_tmpfree(escaped.bv_val, op->o_tmpmemctx); if ((rc != LDAP_SUCCESS) && (rc != LDAP_NO_SUCH_OBJECT)) { return rc; /* unexpected error */ diff --git a/tests/data/constraint/constraint.out b/tests/data/constraint/constraint.out index a23cb308a2..c35c1311ba 100644 --- a/tests/data/constraint/constraint.out +++ b/tests/data/constraint/constraint.out @@ -29,6 +29,7 @@ FAIL FAIL FAIL FAIL +FAIL OK FAIL FAIL diff --git a/tests/data/constraint/t_fail_17.ldif b/tests/data/constraint/t_fail_17.ldif new file mode 100644 index 0000000000..193fae7957 --- /dev/null +++ b/tests/data/constraint/t_fail_17.ldif @@ -0,0 +1,5 @@ +dn: cn=John Doe,ou=users,dc=example,dc=com +changetype: modify +replace: uid +uid: 2* +