author | Stef Walter <stef@memberwebs.com> | 2004-05-05 22:57:56 +0000 |
---|---|---|
committer | Stef Walter <stef@memberwebs.com> | 2004-05-05 22:57:56 +0000 |
commit | c9b851b3194bf4bff6059e9ff471d125afc39c0f (patch) | |
tree | f06878b2029af0cf5b1f43dfe1da481c08646b3e /daemon/ldap.c | |
parent | aa3b52a5f318e49344d7260333c241f51df1f740 (diff) |
- Escape LDAP filter and DN values properly, to prevent security problems
Diffstat (limited to 'daemon/ldap.c')
-rw-r--r-- | daemon/ldap.c | 45 |
1 files changed, 43 insertions, 2 deletions
diff --git a/daemon/ldap.c b/daemon/ldap.c
index 1e03c32..9fda424 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -230,12 +230,53 @@ static int add_cached_basic(ldap_context_t* ctx, unsigned char* key)
     return HA_OK;
 }
 
+#define LDAP_NO_ESCAPE "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-_"
+#define LDAP_HEX "0123456789abcdef"
+
+static const char* escape_ldap(ha_buffer_t* buf, const char* str)
+{
+    const char* t = str;
+    size_t pos;
+
+    ha_bufcpy(buf, "");
+
+    while(*t)
+    {
+        pos = strspn(t, LDAP_NO_ESCAPE);
+
+        if(pos > 0)
+        {
+            ha_bufjoin(buf);
+            ha_bufncpy(buf, t, pos);
+
+            t += pos;
+        }
+
+        while(*t && !strchr(LDAP_NO_ESCAPE, t))
+        {
+            char hex[4];
+            hex[0] = '\\';
+            hex[1] = LDAP_HEX[*t >> 4 & 0xf];
+            hex[2] = LDAP_HEX[*t 0xf];
+            hex[3] = '\0';
+
+            ha_bufjoin(buf);
+            ha_bufcpy(buf, hex);
+
+            t++;
+        }
+    }
+
+    return ha_bufdata(buf);
+}
+
 static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf,
                                      const char* user, const char* str)
 {
     const char* t;
 
     ASSERT(ctx && buf && user && str);
 
+    /* TODO: We need to be escaping the user and realm properly */
     /* This starts a new block to join */
     ha_bufcpy(buf, "");
 
@@ -259,13 +300,13 @@ static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf,
     {
     case 'u':
         ha_bufjoin(buf);
-        ha_bufcpy(buf, user);
+        escape_ldap(buf, user);
         t++;
         break;
 
     case 'r':
         ha_bufjoin(buf);
-        ha_bufcpy(buf, ctx->opts->realm);
+        escape_ldap(buf, ctx->opts->realm);
         t++;
         break;
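Review bot: `while(*t && !strchr(LDAP_NO_ESCAPE, t))` in escape_ldap passes the pointer `t` to strchr, whose second argument is an int character; the pointer is converted to an integer and the loop tests a byte of the address instead of the current character, so the escaping loop can stop early or run on past characters strspn already accepted — it should read `while(*t && !strchr(LDAP_NO_ESCAPE, *t))`. The hex lookups index with a plain `char`, which may be signed, so `LDAP_HEX[(unsigned char)*t >> 4 & 0xf]` and `LDAP_HEX[(unsigned char)*t & 0xf]` would avoid the implementation-defined right shift on negative values (the second of those lines is garbled on this page, presumably `*t & 0xf` in the commit itself). The `/* TODO: We need to be escaping the user and realm properly */` added to substitute_params is stale in the same commit that routes both `%u` and `%r` through escape_ldap and should be dropped. LDAP_NO_ESCAPE omits digits, so every digit in the user or realm is emitted as a `\XX` pair; that is valid in both filters and DNs, but a one-line comment such as `/* digits are hex-escaped too; harmless, keeps the safe set minimal */` would make the over-escaping read as deliberate.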