Re: [Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-09 Thread Adam Tkac
On 05/03/2012 03:46 PM, Petr Spacek wrote: On 05/03/2012 11:25 AM, Petr Spacek wrote: Hello, this patch adds missing DNS-LDAP escaping conversion. It's necessary to prevent (potential) LDAP injection attacks in future. Code isn't very nice, because DNS uses decimal escaping \123, LDAP uses

Re: [Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-09 Thread Petr Spacek
On 05/09/2012 01:24 PM, Adam Tkac wrote: On 05/03/2012 03:46 PM, Petr Spacek wrote: On 05/03/2012 11:25 AM, Petr Spacek wrote: Hello, this patch adds missing DNS-LDAP escaping conversion. It's necessary to prevent (potential) LDAP injection attacks in future. Code isn't very nice, because

Re: [Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-09 Thread Petr Spacek
On 05/09/2012 02:17 PM, Adam Tkac wrote: On 05/09/2012 02:11 PM, Petr Spacek wrote: On 05/09/2012 01:24 PM, Adam Tkac wrote: On 05/03/2012 03:46 PM, Petr Spacek wrote: On 05/03/2012 11:25 AM, Petr Spacek wrote: Hello, this patch adds missing DNS-LDAP escaping conversion. It's necessary to

[Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-03 Thread Petr Spacek
Hello, this patch adds missing DNS-LDAP escaping conversion. It's necessary to prevent (potential) LDAP injection attacks in future. Code isn't very nice, because DNS uses decimal escaping \123, LDAP uses hexadecimal escaping \ab and set of escaped characters is smaller in DNS than in

Re: [Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-03 Thread Petr Spacek
On 05/03/2012 11:25 AM, Petr Spacek wrote: Hello, this patch adds missing DNS-LDAP escaping conversion. It's necessary to prevent (potential) LDAP injection attacks in future. Code isn't very nice, because DNS uses decimal escaping \123, LDAP uses hexadecimal escaping \ab and set of escaped

Re: [Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

2012-05-03 Thread Petr Spacek
On 05/03/2012 11:25 AM, Petr Spacek wrote: Hello, this patch adds missing DNS-LDAP escaping conversion. It's necessary to prevent (potential) LDAP injection attacks in future. Code isn't very nice, because DNS uses decimal escaping \123, LDAP uses hexadecimal escaping \ab and set of escaped