Changeset 672


Timestamp:
Mar 5, 2008, 7:08:01 PM (14 years ago)
Author:
geofft
Message:
Escape the hostname before inserting it in an LDAP query.
File:
1 edited

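--- a/server/common/oursrc/httpdmods/mod_vhost_ldap.c
+++ b/server/common/oursrc/httpdmods/mod_vhost_ldap.c
@@ -420,4 +420,32 @@
 };
 
+char* mod_vhost_ldap_sanitize(apr_pool_t* p, const char* source) {
+    char* target = apr_palloc(p, 3*strlen(source)+1);
+    for (; *source; source++) {
+        switch (*source) {
+            case '*':
+                strcpy(target, "\\2a");
+                target += 2;
+                break;
+            case '(':
+                strcpy(target, "\\28");
+                target += 2;
+                break;
+            case ')':
+                strcpy(target, "\\29");
+                target += 2;
+                break;
+            case '\\':
+                strcpy(target, "\\5c");
+                target += 2;
+                break;
+            default:
+                *target = *source;
+        }
+    }
+    *target = '\0';
+    return target;
+}
+
 #define FILTER_LENGTH MAX_STRING_LEN
 static int mod_vhost_ldap_translate_name(request_rec *r)
@@ -437,5 +465,5 @@
     const char *dn = NULL;
     char *cgi;
-    const char *hostname = NULL;
+    const char *hostname = NULL, *s_hostname = NULL;
     int is_fallback = 0;
 
@@ -471,5 +499,6 @@
                    "[mod_vhost_ldap.c]: translating %s", r->uri);
 
-    apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, hostname, hostname);
+    s_hostname = mod_vhost_ldap_sanitize(r->pool, hostname);
+    apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, s_hostname, s_hostname);
 
     result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,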
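Review bot: In `mod_vhost_ldap_sanitize`, the `default` branch stores a byte without advancing `target`, the escape branches advance it by 2 after writing three characters, and the function returns `target` after the loop rather than the start of the buffer, so as written the caller gets a pointer to the terminating NUL and the filter is built with an empty hostname. Keeping the existing `target += 2` lines, three changes fix it: `char *start = apr_palloc(p, 3*strlen(source)+1), *target = start;`, `for (; *source; source++, target++) {`, and `return start;`. The helper could also be `static`, like `mod_vhost_ldap_translate_name`, and it calls `strlen(source)` unconditionally, so it relies on `hostname` being non-NULL at line 501, which is set outside the visible hunks and is worth confirming. `mod_vhost_ldap_translate_name` starts and ends outside the hunks shown.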