Bug Tracker item #2933017, was opened at 2010-01-15 18:11
Message generated for change (Comment added) made by hmonteiro
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1126467&aid=2933017&group_id=250683

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: daemon
Group: v3.9.0
>Status: Closed
Resolution: None
Priority: 7
Private: No
Submitted By: Enrico Scholz (ensc)
Assigned to: Hugo Monteiro (hmonteiro)
Summary: Missing input validation in ExtLookupQuery

Initial Comment:
$ dspamc --classify --user 'foobar)(uid=foo)'   -- < /tmp/sp

causes dspam daemon to crash with

| dspam: ../../../libraries/libldap/error.c:273: ldap_parse_result: Assertion `r != ((void *)0)' failed.


Configuration is

| ExtLookupDriver               ldap
| ExtLookupQuery                "(&(objectClass=inetLocalMailRecipient)(|(mail=%u)(mailLocalAddress=%u)(uid=%u)))"

----------------------------------------------------------------------

>Comment By: Hugo Monteiro (hmonteiro)
Date: 2010-01-16 21:45

Message:
Enrico,

The username insertion in the query is now escaped as defined by RFC2254.
As always, feedback on the fixes is always welcome.

Best Regards,

Hugo Monteiro.


----------------------------------------------------------------------

Comment By: Enrico Scholz (ensc)
Date: 2010-01-16 10:00

Message:
It should suffice to escape %u properly. See RFC 2254, "4. String Search
Filter Definition".  E.g. %u above would translate to

 foobar\)\(uid=foo\)

Implementation should support ExtLookupDriver specific methods; e.g. for
'program', no translation is needed because execve() is used.
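
One way to implement the escaping described above, as an added example in C that is not DSPAM's own code: it emits the two-hex-digit form that RFC 2254 section 4 specifies (`\28`, `\29`, `\2a`, `\5c`) rather than the backslash-only `\)` spelling shown in the comment, and the `build_ldap_query` helper, its 512-byte scratch buffer and the template expansion of `%u` are assumptions of this example, applied only to the ldap driver as suggested.

```c
#include <string.h>

/* Escape one assertion value for use inside an LDAP search filter as
 * RFC 2254 section 4 requires: '*', '(', ')' and '\' become "\XX" with two
 * hex digits (NUL cannot occur in a C string, so it needs no case here).
 * Returns the escaped length, or -1 if the output buffer is too small. */
static int ldap_filter_escape(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        if (*p == '*' || *p == '(' || *p == ')' || *p == '\\') {
            if (o + 3 >= outlen) return -1;
            out[o++] = '\\';
            out[o++] = hex[*p >> 4];
            out[o++] = hex[*p & 0x0f];
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = (char)*p;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Expand every "%u" in an ExtLookupQuery-style template with the escaped
 * username, so filter metacharacters in the name stay inside the value.
 * Example helper (not DSPAM's); returns 0 on success, -1 on overflow. */
static int build_ldap_query(const char *tmpl, const char *user,
                            char *out, size_t outlen)
{
    char esc[512];                       /* assumed scratch size */
    size_t o = 0, n;
    if (ldap_filter_escape(user, esc, sizeof esc) < 0) return -1;
    n = strlen(esc);
    for (const char *t = tmpl; *t; t++) {
        if (t[0] == '%' && t[1] == 'u') {
            if (o + n >= outlen) return -1;
            memcpy(out + o, esc, n);
            o += n;
            t++;                         /* skip the 'u' of "%u" */
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = *t;
        }
    }
    out[o] = '\0';
    return 0;
}
```

With the username from the report, the `(uid=%u)` clause becomes `(uid=foobar\29\28uid=foo\29)`, so the injected `(uid=foo)` is matched as a literal string instead of being parsed as a second filter item.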

----------------------------------------------------------------------

Comment By: Hugo Monteiro (hmonteiro)
Date: 2010-01-15 19:11

Message:
Thank you for submitting the report. I will try to fix it as soon as I can.

Best regards,

Hugo Monteiro.

----------------------------------------------------------------------


_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel