Bug #64392 ldap_search() fails on base64-encoded entries
Submitted: 2013-03-08 15:53 UTC
Modified: 2013-10-15 11:54 UTC
Votes: 1
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: russ at bluecows dot com
Assigned:
Status: No Feedback
Package: LDAP related
PHP Version: Irrelevant
OS: Linux
Private report: No
CVE-ID: None
 [2013-03-08 15:53 UTC] russ at bluecows dot com
Description:
------------
When using the ldap_search() function to query data from an LDAP database, it would appear that base64-encoded attributes are not decoded before running the search pattern against them.

Based on the code snippets below, if the first search is run, no results are returned, even if a DN in the search tree has a postalAddress attribute which matches the given search string.  If the second search is run, results are returned, indicating the search can check to see if the attribute exists at all, but the text-based search string is being checked against a base64-encoded attribute.

It would appear that ldap_get_entries() decodes base64-encoded attributes, because the output of $entries, when it is not NULL, will show postalAddress as text.  In order for ldap_search() to work properly, it should decode base64-encoded attributes before attempting to run the search against them.

Test script:
---------------
Failed test:

$search = ldap_search( $ldapHandle, $ldapBaseDn, "(postaladdress=*165 Main*)" );
$entries = ldap_get_entries( $ldapHandle, $search );

Successful test:

$search = ldap_search( $ldapHandle, $ldapBaseDn, "(postaladdress=*)" );
$entries = ldap_get_entries( $ldapHandle, $search );

Expected result:
----------------
In the failed test example, I would expect $entries to contain a list of LDAP DNs and associated attributes where the postalAddress attribute matches the search parameter.  Currently, it does not.  Searches against non-base64-encoded attributes such as mail or telephoneNumber work as expected.

Actual result:
--------------
When the failed test example is run, $entries is empty because no matches are returned from the ldap_search().
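
An added illustration, not part of the report or of PHP's own code: in LDIF output (RFC 2849) a value written after `::` is base64 only as a text notation, used when the raw value contains characters such as a newline or non-ASCII bytes, while the filter passed to ldap_search() is evaluated by the directory server against the raw value. The sample entry and the helper names parseLdifEntry, needsBase64 and substringMatches are constructed for this sketch, and the substring test is a simplified stand-in for the server's matching rule.

```php
<?php
// Constructed sample entry in LDIF (RFC 2849), as an LDIF export would show it.
// The address contains a newline, so LDIF writes it base64-encoded after "::".
$ldif = "dn: cn=Example User,dc=example,dc=com\n"
      . "mail: user@example.com\n"
      . "postalAddress:: " . base64_encode("165 Main Street\nSpringfield") . "\n";

// Parse one LDIF entry into attribute => list of raw values, undoing line
// folding and the "::" base64 notation.
function parseLdifEntry(string $ldif): array
{
    $ldif  = preg_replace('/\r?\n /', '', $ldif);      // unfold continuation lines
    $entry = [];
    foreach (preg_split('/\r?\n/', trim($ldif)) as $line) {
        if (!preg_match('/^([^:#][^:]*)(::?)\s*(.*)$/', $line, $m)) {
            continue;                                   // blank line or comment
        }
        $value = $m[2] === '::' ? base64_decode($m[3], true) : $m[3];
        $entry[strtolower($m[1])][] = $value;
    }
    return $entry;
}

// RFC 2849 rule of thumb for when a value has to be written as base64:
// unsafe first character, NUL/CR/LF or non-ASCII byte, or trailing space.
function needsBase64(string $value): bool
{
    return preg_match('/^[ :<]|[\x00\r\n\x80-\xFF]| $/', $value) === 1;
}

// Case-insensitive "contains" test standing in for an (attr=*needle*) filter
// evaluated against the raw value (simplified: no whitespace normalisation).
function substringMatches(array $entry, string $attr, string $needle): bool
{
    foreach ($entry[strtolower($attr)] ?? [] as $value) {
        if (stripos($value, $needle) !== false) {
            return true;
        }
    }
    return false;
}

$entry = parseLdifEntry($ldif);
foreach ($entry as $attr => $values) {
    printf("%-14s base64 in LDIF: %s\n", $attr, needsBase64($values[0]) ? 'yes' : 'no');
}
var_dump(substringMatches($entry, 'postalAddress', '165 Main'));
```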

 [2013-09-30 09:49 UTC] mike@php.net
-Status: Open +Status: Feedback
 [2013-09-30 09:49 UTC] mike@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.



 [2013-10-15 11:54 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
Last updated: Mon Mar 08 01:01:24 2021 UTC