Bug 4979 - Escaped double quotes not handled correctly
: Escaped double quotes not handled correctly
Status: RESOLVED FIXED
: GSI C
Authentication
: 4.0.2
: PC Windows XP
: P3 normal
: ---
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2007-01-25 11:06 by
Modified: 2008-08-11 15:22 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2007-01-25 11:06:27
If escaped (double) quotes or similar escaped characters are used in a
grid-mapfile, e.g.

  "/O=GermanGrid/OU=DESY/CN=\" Name Suppressed\"" myaccnt

this puts the gridmap_parse_line routine in an innifite loop. As a result, any
service using these routines will start eating CPU and never return. Within
minutes, this leads to an almost infinite load on the server in question.

It affects:
* all services (gatekeeper, gridftp, both plain globus and EDG versions) that
use the "globus_i_gss_assist_gridmap_parse_line" call
* all services and libraries that use code directly derived from this original
GT1.x/GT2 code (such as the LCAS and LCMAPS plug-ins in both their LCG and
gLite
incarnations)
* all GT software using routines derived from this code, including the GT4.x
gatekeeper, the workspace service (in .../adduser/source/gridmap.c), possibly
gridFTP as well.

This behaviour has been confirmed on the lcg-CE using the (edg-)gatekeeper
(using an attached debugger), as well as against a plain unmodified GT4.0.2
pre-WS gatekeeper build.

The code suffered from an "off-by-one" error in resognising the escaped quote
characters. It should read like (whitespace compacted):

  ...
  if (strchr(QUOTING_CHARS, *line) != NULL)
  { 
    line++;
    dn_end = line;

    do
    {
      /* BUG RESOLV LINE BELOW: are we on an escaped quote? */
      if (strchr(ESCAPING_CHARS, *(dn_end - 1))) dn_end++;

      dn_end += strcspn(dn_end, QUOTING_CHARS);

      if (*dn_end == NUL)
         return EXIT_FAILURE; /* of the equivalent goto error; */

      /* Make sure it's not escaped */
    }
    while (strchr(ESCAPING_CHARS, *(dn_end - 1)) != NULL);
  }
  ...

with the extra strchr(3) check before the strcspn(3).

This error needs to be propagated to Globus as well.
------- Comment #1 From 2007-01-30 11:01:50 -------
Fix committed to trunk and 4_0 branch
------- Comment #2 From 2007-02-14 11:07:46 -------
fix committed to 3_2 branch as well and the update package for 4.0.3 and 3.2.1
available in the globus advisories web page
(http://www-unix.globus.org/toolkit/advisories.html)