Bug#465249: patch for escaping LDAP lookups

Sat, 23 Feb 2008 00:37:06 -0800 

tags 465249 + patch
thanks

Attached is a patch for escaping lookup values. This patch isn't
extensively tested yet.

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --

--- autofs-4.1.4/modules/lookup_ldap.c	2005-02-27 06:37:14.000000000 +0100
+++ autofs-4.1.4+debian/modules/lookup_ldap.c	2008-02-23 09:07:32.000000000 +0100
@@ -188,6 +188,47 @@
 	return !(ctxt->parse = open_parse(mapfmt, MODPREFIX, argc - 1, argv + 1));
 }
 
+/* This function escapes the string in src into the provided buffer.
+   It will return 0 on success and -1 on if it did not fit in the buffer. */
+static int query_escape(const char *src,char *buffer,size_t buflen)
+{
+	size_t pos=0;
+	/* go over all characters in source string */
+	for (;*src!='\0';src++) {
+		/* check if char will fit */
+		if (pos>=(buflen+4)) {
+			buffer[pos]='\0';
+			return -1;
+		}
+		/* do escaping for some characters */
+		switch (*src) {
+			case '*':
+				strcpy(buffer+pos,"\\2a");
+				pos+=3;
+				break;
+			case '(':
+				strcpy(buffer+pos,"\\28");
+				pos+=3;
+				break;
+			case ')':
+				strcpy(buffer+pos,"\\29");
+				pos+=3;
+				break;
+			case '\\':
+				strcpy(buffer+pos,"\\5c");
+				pos+=3;
+				break;
+			default:
+				/* just copy character */
+				buffer[pos++]=*src;
+				break;
+		}
+	}
+	/* terminate destination string */
+	buffer[pos]='\0';
+	return 0;
+}
+
 static int read_one_map(const char *root,
 			const char *class, char *key,
 			const char *keyval, int keyvallen, char *type,
@@ -201,12 +242,22 @@
 	char **values = NULL;
 	char *attrs[] = { key, type, NULL };
 	LDAP *ldap;
+	char keyvalbuf[KEY_MAX_LEN + 1];
 
 	if (ctxt == NULL) {
 		crit(MODPREFIX "context was NULL");
 		return 0;
 	}
 
+	/* Escape the lookup keyval. */
+	if (keyvallen > 0) {
+		if (query_escape(keyval,keyvalbuf,sizeof(keyvalbuf))) {
+			debug(MODPREFIX "error escaping keyval string");
+		}
+		keyval=keyvalbuf;
+		keyvallen=strlen(keyvalbuf);
+	}
+
 	/* Build a query string. */
 	l = strlen("(objectclass=)") + strlen(class) + 1;
 	if (keyvallen > 0) {
@@ -391,12 +442,19 @@
 	LDAP *ldap;
 	struct mapent_cache *me = NULL;
 	int ret = CHE_OK;
+	char qKeybuf[KEY_MAX_LEN + 1];
 
 	if (ctxt == NULL) {
 		crit(MODPREFIX "context was NULL");
 		return 0;
 	}
 
+	/* Escape the lookup qKey. */
+  if (query_escape(qKey,qKeybuf,sizeof(qKeybuf))) {
+		debug(MODPREFIX "error escaping keyval string");
+	}
+	qKey=qKeybuf;
+
 	/* Build a query string. */
 	l = strlen("(&(objectclass=") + strlen(class) + strlen(")");
 	l += strlen("(") + strlen(key) + strlen("=")

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to