summaryrefslogtreecommitdiff
path: root/daemon
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2004-05-05 22:57:56 +0000
committerStef Walter <stef@memberwebs.com>2004-05-05 22:57:56 +0000
commitc9b851b3194bf4bff6059e9ff471d125afc39c0f (patch)
treef06878b2029af0cf5b1f43dfe1da481c08646b3e /daemon
parentaa3b52a5f318e49344d7260333c241f51df1f740 (diff)
- Escape LDAP filter and DN values properly, to prevent security problems
Diffstat (limited to 'daemon')
-rw-r--r--daemon/ldap.c45
1 files changed, 43 insertions, 2 deletions
diff --git a/daemon/ldap.c b/daemon/ldap.c
index 1e03c32..9fda424 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -230,12 +230,53 @@ static int add_cached_basic(ldap_context_t* ctx, unsigned char* key)
return HA_OK;
}
+#define LDAP_NO_ESCAPE "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-_"
+#define LDAP_HEX "0123456789abcdef"
+
+static const char* escape_ldap(ha_buffer_t* buf, const char* str)
+{
+ const char* t = str;
+ size_t pos;
+
+ ha_bufcpy(buf, "");
+
+ while(*t)
+ {
+ pos = strspn(t, LDAP_NO_ESCAPE);
+
+ if(pos > 0)
+ {
+ ha_bufjoin(buf);
+ ha_bufncpy(buf, t, pos);
+
+ t += pos;
+ }
+
+ while(*t && !strchr(LDAP_NO_ESCAPE, t))
+ {
+ char hex[4];
+ hex[0] = '\\';
+ hex[1] = LDAP_HEX[*t >> 4 & 0xf];
+ hex[2] = LDAP_HEX[*t 0xf];
+ hex[3] = '\0';
+
+ ha_bufjoin(buf);
+ ha_bufcpy(buf, hex);
+
+ t++;
+ }
+ }
+
+ return ha_bufdata(buf);
+}
+
static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf,
const char* user, const char* str)
{
const char* t;
ASSERT(ctx && buf && user && str);
+
/* TODO: We need to be escaping the user and realm properly */
/* This starts a new block to join */
ha_bufcpy(buf, "");
@@ -259,13 +300,13 @@ static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf,
{
case 'u':
ha_bufjoin(buf);
- ha_bufcpy(buf, user);
+ escape_ldap(buf, user);
t++;
break;
case 'r':
ha_bufjoin(buf);
- ha_bufcpy(buf, ctx->opts->realm);
+ escape_ldap(buf, ctx->opts->realm);
t++;
break;