Hi list,

I'm writing about the recent bug reported by Enrico Scholz, as described 
in 
https://sourceforge.net/tracker/?func=detail&atid=1126467&aid=2933017&group_id=250683

The problem exists because there is no verification of the filter build 
with base on the ExtLookupQuery, when using the ldap driver.

Now the BIG problem is that making a parser for that is no sweet potato 
at all. Unfortunately the OpenLDAP guys didn't make available in their 
public API the functions they regularly use to make such tests. All is 
done through a private API, meaning that such routines aren't available 
in any of their shared libs.

I have went through their code and what we would apparently need is a 
function called ldap_pvt_put_filter. Porting that function, and its 
dependencies, would mean including a *not so small* part of their code 
in the dspam code. Maintaining such code would be a major PITA.

That said, i'm frankly very open to sugestions.

Best regards,

Hugo Monteiro.

-- 
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email    : hugo.monte...@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
                   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.ci.fct.unl.pt             ap...@fct.unl.pt

fct.unl.pt:~# _


------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel

Reply via email to