[prev in list] [next in list] [prev in thread] [next in thread] 

List:       perl-ldap-dev
Subject:    Re: Minor bug in LDIF write_entry - base64 encode section
From:       "Andrew Johns" <ajohns () firstpointglobal ! com>
Date:       2004-10-12 8:09:29
Message-ID: 57739.192.168.100.1.1097568569.squirrel () 192 ! 168 ! 100 ! 1
[Download RAW message or body]

> On 12 Oct 2004, at 02:10, Andrew Johns wrote:
>> The reason is that the check for base64-encoding the attribute VALUE
>> (the
>> name is done correctly) ignores the 'less than' symbol '<' - the dn and
>> attribute names are handled correctly.
>>
>> It's a one-byte change to LDIF.pm as you can see below...
>>
>> $ diff LDIF.pm LDIF.pm.saved
>> 354c354
>> <     if ($v =~ /(^[ :<]|[\x00-\x1f\x7f-\xff])/) {
>> ---
>>>     if ($v =~ /(^[ :]|[\x00-\x1f\x7f-\xff])/) {
>
> No, the original code is correct. RFC2849 states
>
> value-spec               = ":" (    FILL 0*1(SAFE-STRING) /
>                                  ":" FILL (BASE64-STRING) /
>                                  "<" FILL url)
>
> SAFE-INIT-CHAR           = %x01-09 / %x0B-0C / %x0E-1F /
>                             %x21-39 / %x3B / %x3D-7F
>                             ; any value <= 127 except NUL, LF, CR,
>                             ; SPACE, colon (":", ASCII 58 decimal)
>                             ; and less-than ("<" , ASCII 60 decimal)
>
> SAFE-STRING              = [SAFE-INIT-CHAR *SAFE-CHAR]
>
> So any value beginning with : or < is not a SAFE-STRING and must be
> base64 encoded
>
> Graham.

Hi Graham,

You are absolutely correct in your statement, but your code differs :) or
I am going mad :)

In LDIF.pm.saved (the original) at line 354, it fails to check for the <
character, as you can see in the second line of my diff output, hence it
will not base64 encode the data to be written:
     if ($v =~ /(^[ :]|[\x00-\x1f\x7f-\xff])/) {

The remainder of this code block goes on to base64 encode the data to be
written to the file *if* the first character is a space, colon or in the
ranges specified.  Unfortunately, the < character (ascii dec=60, hex=3C)
is not in any of those ranges, hence my one byte change.

For example (see code below), without my modification, I get this:
eracl: <AccessRight name= etc etc

instead of this:
eracl:: PEFjY2 (remainder removed)

The code for this is included at the end of this email below - it simply
reads from one LDIF file and writes to another. I cannot supply you with
the LDIF files I am using unfortunately, for numerous reasons...

I hope we agree or you prove me wrong :)

Best Regards
dm00d

------------------------ convert-test.pl --------------------------------
#!/usr/bin/perl -w

use Net::LDAP::LDIF;
use Net::LDAP;
use MIME::Base64;

my $entry;

# Open the input LDIF file for reading/processing
my $ldif = Net::LDAP::LDIF->new( $ARGV[0], "r", onerror => 'die' );

# Open the output LDIF file for writing
#my $outputldif = Net::LDAP::LDIF->new( "output.ldif", "w", encode =>
"base64", onerror => 'die' );
# Graham - the above line made absolutely no difference....
my $outputldif = Net::LDAP::LDIF->new("output.ldif","w",onerror => 'die');

# Main loop - read and process LDIF records (that often span mult lines);
while( not $ldif->eof() ) {

        $entry = $ldif->read_entry();

        if ( $ldif->error() ) {
                print "\n\nError msg: ", $ldif->error(), "\n";
                print "Error lines:\n", $ldif->error_lines(), "\n";
                die;
        } else {
            $outputldif->write_entry($entry);
        }
}

# Finished processing the input file... close all handles
$ldif->done ( );
$outputldif->done ( );

[prev in list] [next in list] [prev in thread] [next in thread]