This is an automated email from the ASF dual-hosted git repository.
ocket8888 pushed a commit to branch 5.1.x
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/5.1.x by this push:
new bc1bf15 Sanitize username before executing LDAP query
bc1bf15 is described below
commit bc1bf15a3e06706ebd0573018022f58895e911ca
Author: ZHOU PERTER <[email protected]>
AuthorDate: Sat Oct 30 00:56:52 2021 +0800
Sanitize username before executing LDAP query
(cherry picked from commit 32a41fcf3934a03905d6c3d8f6082300634da017)
---
traffic_ops/traffic_ops_golang/auth/ldap.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/traffic_ops/traffic_ops_golang/auth/ldap.go
b/traffic_ops/traffic_ops_golang/auth/ldap.go
index b294285..0c8403d 100644
--- a/traffic_ops/traffic_ops_golang/auth/ldap.go
+++ b/traffic_ops/traffic_ops_golang/auth/ldap.go
@@ -87,7 +87,7 @@ func LookupUserDN(username string, cfg *config.ConfigLDAP)
(string, bool, error)
searchRequest := ldap.NewSearchRequest(
cfg.SearchBase,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
- fmt.Sprintf(cfg.SearchQuery, username),
+ fmt.Sprintf(cfg.SearchQuery, ldap.EscapeFilter(username)),
[]string{"dn"},
nil,
)
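Review bot: The escaped filter argument `fmt.Sprintf(cfg.SearchQuery, ldap.EscapeFilter(username))` has no comment saying why the escape is there, and the diffstat shows only ldap.go changed, so nothing pins this behaviour against a later refactor. I would add above that line `// username is untrusted login input; EscapeFilter keeps filter metacharacters (*, (, ), \, NUL) from changing the meaning of cfg.SearchQuery`, plus a test covering usernames that contain those characters. The same request still passes `0, 0` for the size and time limits, so the lookup is unbounded on the directory side. A small size limit and a non-zero time limit would be worth considering if the code after the hunk expects exactly one entry, which is not visible here. LookupUserDN begins before this hunk and continues after it.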