Some objectGUID buffer cause error in escape filter function

[ciePIC]

Search object by objectGUID in MS AD cause error for some GUID buffer.
For example with 2 real GUID :

• <Buffer e4 80 74 d3 3e 27 9c 46 b3 33 a3 5f 07 ff 87 a3> works
• <Buffer 44 29 12 42 1d e1 91 41 98 cc 40 92 51 52 7b df> cause error :
  TypeError: Cannot read properties of undefined (reading 'toString')

This is caused because GUID buffer is not representing character and sometimes, escape function try to escape 2 or 3 bytes at the last buffer byte.
Fix by checking buffer index before try to add second/third byte.

[jsumners]

Can you please provide an example of what causes the issue you are attempting to solve here? Also, we will need unit tests that cover these cases.

[ciePIC]

I try to retrive one user by his objectGUID from an Microsoft Active Directory with the simplified code as follow and ldap.js lib :

I pass the objectGUID buffer as value field of an EqualityFilter. For some user, it works very well but for some other, I get an error : TypeError: Cannot read properties of undefined (reading 'toString')
After investigating, this error is in the escape function. objectGUID is a 16 bytes buffer of binary data so, for example, the last byte can trig in the escape function of 2 or 3 bytes encoding. In this case the function was trying to access to the "i+1" byte but if it occur on the last buffer byte, there is no "+1 byte" so "undefined" is returned. And .toString function cannot be called on undefined value.
This case can append on every binary data.

I will think about implementing a unit test for this case because we can produce many and many use case....

//Two objectGUID retrive before from AD.
//First work as expected
//Second cause error
let myBuf1 = Buffer.from([0xe4, 0x80, 0x74, 0xd3, 0x3e, 0x27, 0x9c, 0x46, 0xb3, 0x33, 0xa3, 0x5f, 0x07, 0xff, 0x87, 0xa3]);
let myBuf2 = Buffer.from([0x44, 0x29, 0x12, 0x42, 0x1d, 0xe1, 0x91, 0x41, 0x98, 0xcc, 0x40, 0x92, 0x51, 0x52, 0x7b, 0xdf]);

//Create filter to retrive user
let filter = new filters.AndFilter({
    filters: [
        new filters.EqualityFilter({
            attribute: "objectclass",
            value: "user"
        }),
        new filters.EqualityFilter({
            attribute: "objectGUID",
            value: myBuf2
         })
    ]
});

//Search user
let ldapClient = createAndBindClient(); //Personnal function that use ldapjs and return a binded client with read authorizations.
let searchOptions = { filter: filter, scope: 'sub' };
ldapClient.search(searchBase, searchOptions, function (err, res) {
    var users = [];
    if (err) { reject(err); ldapClient.unbind(); return; }
    res.on('searchEntry', function (entry) { users.push(entry); });
    res.on('searchReference', function (referral) { /*NOT IMPLEMENTED */ });
    res.on('error', function (err) { reject(err); ldapClient.unbind(); });
    res.on('end', function (result) {
        if (result.status != 0) { reject(new Error('ldap search status is not 0, search failed')); }
        else { resolve(users); }
        ldapClient.unbind();
    })
})

[ciePIC]

Hello, I have add a unit test for my usecase.
I have write a simple test with low length Buffer that cause issue for the same reasons.

[jsumners]

Please run npm run lint prior to committing your changes.

[ciePIC]

Hello, I have done changes. I wait answer about incomplete code because I don't understand...