From 979943195da209bdc28efd5e90a19f888f4b88ed Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Mon, 31 Jan 2011 13:00:56 -0500
Subject: [PATCH] Sanitize search filters for nested group lookups
---
 src/providers/ldap/sdap_async_accounts.c | 20 +++++++++++++++++---
 1 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 648f9a734eca60401c07d2b0d0fa432751c9ab73..5b6d3d74ac1496fe6a4266c327d0111e12e24b64 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -3409,6 +3409,7 @@ errno_t save_rfc2307bis_user_memberships(
 {
 errno_t ret, tret;
 char *member_dn;
+ char *sanitized_dn;
 char *filter;
 const char **attrs;
 size_t reply_count, i;
@@ -3447,12 +3448,18 @@ errno_t save_rfc2307bis_user_memberships(
 ret = ENOMEM;
 goto error;
 }
+ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
+ if (ret != EOK) {
+ goto error;
+ }
+ talloc_free(member_dn);
- filter = talloc_asprintf(tmp_ctx, "(member=%s)", member_dn);
+ filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
 if (!filter) {
 ret = ENOMEM;
 goto error;
 }
+ talloc_free(sanitized_dn);
 ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom, filter, attrs, &reply_count, &replies);
@@ -3874,6 +3881,7 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
 const char *name;
 bool in_transaction = false;
 char *member_dn;
+ char *sanitized_dn;
 char *filter;
 const char **attrs;
 size_t reply_count, i;
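Review bot: The sanitize / format / free sequence added after the `member_dn` allocation check in the `@@ -3447,12 +3448,18 @@` hunk is repeated line for line in the last hunk, in rfc2307bis_nested_groups_update_sysdb, so the escaping now lives in two places that have to stay in step. Moving it into one static helper keeps the `sss_filter_sanitize()` call next to the `"(member=%s)"` format string, and the helper's comment can record why the DN is escaped, which none of the new lines say. The helper name below is only a suggestion. `member_dn` is built outside both hunks, presumably from a group name; filter escaping does not replace DN-level escaping of that name, so that step is worth confirming separately. Both enclosing functions start and end outside their hunks, and the `error` label is assumed to release `tmp_ctx`.

```c
/* Build "(member=<dn>)" for a sysdb group search. The DN is passed through
 * sss_filter_sanitize() so that filter metacharacters in it are matched
 * literally instead of being parsed as filter syntax. The result is
 * allocated on mem_ctx. */
static errno_t sdap_member_dn_filter(TALLOC_CTX *mem_ctx,
                                     const char *member_dn,
                                     char **_filter)
{
    char *sanitized_dn;
    char *filter;
    errno_t ret;

    ret = sss_filter_sanitize(mem_ctx, member_dn, &sanitized_dn);
    if (ret != EOK) {
        return ret;
    }

    filter = talloc_asprintf(mem_ctx, "(member=%s)", sanitized_dn);
    talloc_free(sanitized_dn);
    if (!filter) {
        return ENOMEM;
    }

    *_filter = filter;
    return EOK;
}

/* … unchanged: member_dn allocation and its ENOMEM check … */
ret = sdap_member_dn_filter(tmp_ctx, member_dn, &filter);
if (ret != EOK) {
    goto error;
}
talloc_free(member_dn);
/* … unchanged: sysdb_search_groups() call … */
```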
@@ -3918,12 +3926,18 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
 goto error;
 }
- filter = talloc_asprintf(tmp_ctx, "(member=%s)", member_dn);
+ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
+ if (ret != EOK) {
+ goto error;
+ }
+ talloc_free(member_dn);
+
+ filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
 if (!filter) {
 ret = ENOMEM;
 goto error;
 }
- talloc_free(member_dn);
+ talloc_free(sanitized_dn);
 ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom, filter, attrs,
--
1.7.3.5