[Freeipa-devel] [PATCH 0019] Add proper DN escaping before LDAP library calls

Petr Spacek pspacek at redhat.com
Wed May 9 12:11:09 UTC 2012


On 05/09/2012 01:24 PM, Adam Tkac wrote:
> On 05/03/2012 03:46 PM, Petr Spacek wrote:
>> On 05/03/2012 11:25 AM, Petr Spacek wrote:
>>> Hello,
>>>
>>> this patch adds missing DNS->LDAP escaping conversion. It's necessary to
>>> prevent (potential) LDAP injection attacks in future.
>>>
>>> Code isn't very nice, because DNS uses decimal escaping \123, LDAP uses
>>> hexadecimal escaping \ab and set of escaped characters is smaller in DNS than
>>> in LDAP.
>>>
>>> Any improvements are welcome.
>>>
>>> Petr^2 Spacek
>>
>> Here is second version of the patch.
>>
>> Changes:
>> - comments
>> - order of [._-] in if()
>> - function was renamed to dns_to_ldap_dn_escape()
>>
>> Escaping logic itself wasn't changed.
>
> Hello Peter,
>
> please check my comments inside the patch.
Oh, I feel so ashamed. All errors were corrected, see attachment.

Petr^2 Spacek

>
> Regards, Adam
>
>>
>> Petr^2 Spacek
>>
>> bind-dyndb-ldap-pspacek-0019-2-Add-proper-DN-escaping-before-LDAP-library-calls.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bind-dyndb-ldap-pspacek-0019-3-Add-proper-DN-escaping-before-LDAP-library-calls.patch
Type: text/x-patch
Size: 6957 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120509/fbee7ae4/attachment.bin>
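
The conversion described in the first message of this thread (DNS decimal escapes `\123` turned into LDAP hexadecimal escapes `\ab`, with more characters needing escaping on the LDAP side), as an added example that is not the attached patch or any bind-dyndb-ldap code. The function name `dns_name_to_dn_value`, the helper `is_plain` and the allowlist of bytes copied unchanged (ASCII letters, digits, `-`, `_`, and unescaped `.`) are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>
/* Bytes copied through unchanged; this allowlist is an assumption of the example. */
static int is_plain(unsigned int c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '_';
}

/* Hypothetical helper: convert a DNS presentation-format name into text safe
 * to embed in an LDAP DN value. Returns 0 on success, -1 on bad input/space. */
int dns_name_to_dn_value(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    while (*in != '\0') {
        unsigned int c = (unsigned char)*in++;
        int escaped = 0;
        if (c == '\\') {            /* DNS escape: \DDD (decimal) or \X */
            escaped = 1;
            if (in[0] >= '0' && in[0] <= '9') {
                if (in[1] < '0' || in[1] > '9' || in[2] < '0' || in[2] > '9')
                    return -1;      /* \DDD needs exactly three digits */
                c = (in[0] - '0') * 100 + (in[1] - '0') * 10 + (in[2] - '0');
                if (c > 255)
                    return -1;
                in += 3;
            } else if (*in != '\0') {
                c = (unsigned char)*in++;
            } else {
                return -1;          /* trailing backslash */
            }
        }
        /* An unescaped dot separates labels; an escaped one is label data. */
        if (is_plain(c) || (c == '.' && !escaped)) {
            if (o + 1 >= outlen)
                return -1;
            out[o++] = (char)c;
        } else {                    /* LDAP form: backslash + two hex digits */
            if (o + 3 >= outlen)
                return -1;
            snprintf(out + o, 4, "\\%02x", c);
            o += 3;
        }
    }
    if (o >= outlen)
        return -1;
    out[o] = '\0';
    return 0;
}
```

Decoding first and re-encoding from an allowlist means a byte such as `,`, `=` or `+` reaches the DN only as a hex pair, whether it arrived as `\044`, as `\,` or unescaped.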

