Bug#540938: libnet-ldap-perl: Error in _cis_substrings() match

Davor Ocelic docelic at spinlocksolutions.com
Mon Aug 10 21:32:27 UTC 2009


Package: libnet-ldap-perl
Version: 1:0.39-1
Severity: normal
Tags: patch


Hello,

The function _cis_substrings, around line 248, does

  return grep(/\Q$regex\E/i, @_) ? 1 : 0;

The problem is, the value of $regex is already escaped at that point, so
invoking \Q...\E performs another, unnecessary escape and messes up
the regex value.

Specifically,

abc* should be ^abc in regex, but due to escape it becomes \^abc

*abc should be abc$ in regex, but due to escape it becomes abc\$

The problem only gets worse if you have "non standard" chars in the
matching part, such as colons:

abc::def* becomes \^abc\\:\\:def

The solution is removing the unnecessary \Q \E, which the attached patch does.

Best regards,
Davor Ocelic
Spinlock Solutions
http://www.spinlocksolutions.com/

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (700, 'testing'), (650, 'unstable'), (550, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libnet-ldap-perl depends on:
ii  libconvert-asn1-perl          0.22-1     Perl module for encoding and decod
ii  libwww-perl                   5.829-1    WWW client/server library for Perl
ii  perl [libmime-base64-perl]    5.10.0-24  Larry Wall's Practical Extraction 

libnet-ldap-perl recommends no packages.

Versions of packages libnet-ldap-perl suggests:
ii  libauthen-sasl-perl          2.12-1      Authen::SASL - SASL Authentication
ii  libio-socket-ssl-perl        1.26-1      Perl module implementing object or
ii  liburi-perl                  1.37+dfsg-1 Manipulates and accesses URI strin
ii  libxml-parser-perl           2.36-1.1+b1 Perl module for parsing XML files
ii  libxml-sax-perl              0.96+dfsg-1 Perl module for using and building
ii  perl [libdigest-md5-perl]    5.10.0-24   Larry Wall's Practical Extraction 

-- no debconf information
-------------- next part --------------
--- /usr/share/perl5/Net/LDAP/FilterMatch.pm.old	2009-08-10 19:05:15.000000000 +0200
+++ /usr/share/perl5/Net/LDAP/FilterMatch.pm	2009-08-10 19:05:39.000000000 +0200
@@ -245,7 +245,7 @@
   my $regex=shift;
   my $op=shift;
   return 1 if ($regex =~ /^$/);
-  return grep(/\Q$regex\E/i, @_) ? 1 : 0;
+  return grep(/$regex/i, @_) ? 1 : 0;
 }
 
 sub _exact_substrings($@)
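Review bot: on the `+` line, `/$regex/i` now interpolates `$regex` as a live pattern, so the match is correct only if every caller has already escaped the literal parts of the assertion value, and nothing in this hunk shows or documents that contract. Add a comment above the sub stating that `$regex` must arrive pre-escaped with only the anchors and wildcards left active, and add a regression test covering `abc*`, `*abc` and a value containing `::`. Separately, `$op` is shifted but not used in the visible lines.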


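The double escape described in the report, reproduced as an added example (not code from Net::LDAP or from the reporter). `build_regex` is a hypothetical stand-in for how the caller prepares `$regex`, and the assertions and attribute values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the caller: turn an LDAP substring assertion
# ("abc*", "*abc", "a*b*c") into a regex, escaping each literal piece once.
sub build_regex {
    my ($assertion) = @_;
    my @parts   = split /\*/, $assertion, -1;    # -1 keeps empty edge pieces
    my $initial = shift(@parts) // '';
    my $final   = pop(@parts)   // '';
    my $regex   = join '.*',
        map { quotemeta($_) } grep { length($_) } ($initial, @parts, $final);
    $regex = '^' . $regex if length $initial;    # "abc*" anchors at the start
    $regex .= '$'         if length $final;      # "*abc" anchors at the end
    return $regex;
}

# Behaviour before the patch: \Q..\E escapes the prepared regex a second
# time, so anchors and backslashes are matched as literal characters.
sub match_double_escaped {
    my ($regex, @values) = @_;
    return grep(/\Q$regex\E/i, @values) ? 1 : 0;
}

# Behaviour after the patch: the prepared regex is used as a pattern.
sub match_single_escaped {
    my ($regex, @values) = @_;
    return grep(/$regex/i, @values) ? 1 : 0;
}

# Constructed (assertion, attribute value) pairs.
my @cases = (
    [ 'abc*',      'abcdef' ],           # initial substring
    [ '*abc',      'xyzabc' ],           # final substring
    [ 'abc::def*', 'abc::def::ghi' ],    # colons in the literal part
    [ 'abc*',      '^abc' ],             # value equal to the regex text itself
    [ 'a.c*',      'abcd' ],             # '.' must stay literal after one escape
);

for my $case (@cases) {
    my ($assertion, $value) = @$case;
    my $regex = build_regex($assertion);
    printf "%-10s %-14s regex=%-14s double=%d single=%d\n",
        $assertion, $value, $regex,
        match_double_escaped($regex, $value),
        match_single_escaped($regex, $value);
}
```

The last two rows show both halves of the issue: the double-escaped form matches only a value that contains the regex text itself, while the single escape done by the caller is still what keeps `a.c*` from matching `abcd`.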