From c9b851b3194bf4bff6059e9ff471d125afc39c0f Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 5 May 2004 22:57:56 +0000 Subject: - Escape LDAP filter and DN values properly, to prevent security problems --- daemon/ldap.c | 45 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) (limited to 'daemon') diff --git a/daemon/ldap.c b/daemon/ldap.c index 1e03c32..9fda424 100644 --- a/daemon/ldap.c +++ b/daemon/ldap.c @@ -230,12 +230,53 @@ static int add_cached_basic(ldap_context_t* ctx, unsigned char* key) return HA_OK; } +#define LDAP_NO_ESCAPE "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-_" +#define LDAP_HEX "0123456789abcdef" + +static const char* escape_ldap(ha_buffer_t* buf, const char* str) +{ + const char* t = str; + size_t pos; + + ha_bufcpy(buf, ""); + + while(*t) + { + pos = strspn(t, LDAP_NO_ESCAPE); + + if(pos > 0) + { + ha_bufjoin(buf); + ha_bufncpy(buf, t, pos); + + t += pos; + } + + while(*t && !strchr(LDAP_NO_ESCAPE, t)) + { + char hex[4]; + hex[0] = '\\'; + hex[1] = LDAP_HEX[*t >> 4 & 0xf]; + hex[2] = LDAP_HEX[*t 0xf]; + hex[3] = '\0'; + + ha_bufjoin(buf); + ha_bufcpy(buf, hex); + + t++; + } + } + + return ha_bufdata(buf); +} + static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf, const char* user, const char* str) { const char* t; ASSERT(ctx && buf && user && str); + /* TODO: We need to be escaping the user and realm properly */ /* This starts a new block to join */ ha_bufcpy(buf, ""); @@ -259,13 +300,13 @@ static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf, { case 'u': ha_bufjoin(buf); - ha_bufcpy(buf, user); + escape_ldap(buf, user); t++; break; case 'r': ha_bufjoin(buf); - ha_bufcpy(buf, ctx->opts->realm); + escape_ldap(buf, ctx->opts->realm); t++; break; -- cgit v1.2.3