3 files changed, 33 insertions, 5 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java
index b5032fa86..a7876a6c6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeysResourceService.java
@@ -30,6 +30,7 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.cms.servlet.base.CMSResourceService;
 import com.netscape.cms.servlet.key.model.KeyDAO;
 import com.netscape.cms.servlet.key.model.KeyDataInfos;
+import com.netscape.cmsutil.ldap.LDAPUtil;
 /**
 * @author alee
@@ -71,12 +72,12 @@ public class KeysResourceService extends CMSResourceService implements KeysResou
 }
 if (status != null) {
- filter += "(status=" + status + ")";
+ filter += "(status=" + LDAPUtil.escape(status) + ")";
 matches ++;
 }
 if (clientID != null) {
- filter += "(clientID=" + clientID + ")";
+ filter += "(clientID=" + LDAPUtil.escape(clientID) + ")";
 matches ++;
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java
index 9b11a96d6..11898ef7a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyRequestsResourceService.java
@@ -29,6 +29,7 @@ import com.netscape.certsrv.request.RequestId;
 import com.netscape.cms.servlet.base.CMSResourceService;
 import com.netscape.cms.servlet.request.model.KeyRequestDAO;
 import com.netscape.cms.servlet.request.model.KeyRequestInfos;
+import com.netscape.cmsutil.ldap.LDAPUtil;
 /**
 * @author alee
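Review bot: In the KeysResourceService hunk at -71,12 the escaping is applied by hand at each concatenation (`"(status=" + LDAPUtil.escape(status) + ")"`, likewise for `clientID`, and again for the three parameters in KeyRequestsResourceService), so the next value added to these filters is protected only if its author remembers the call. A comment above the first concatenation, for example `// every request-supplied value placed in the filter must pass through LDAPUtil.escape (RFC 4515)`, would make the rule visible to later editors. The method starts above the hunk, so whether the part of `filter` built before the leading `}` already contains request values cannot be seen from here and is worth checking. Note also that a `*` in `clientID` is now matched literally, so any client that relied on wildcard matching will see different results.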
@@ -77,17 +78,17 @@ public class KeyRequestsResourceService extends CMSResourceService implements Ke
 }
 if (requestState != null) {
- filter += "(requeststate=" + requestState + ")";
+ filter += "(requeststate=" + LDAPUtil.escape(requestState) + ")";
 matches ++;
 }
 if (requestType != null) {
- filter += "(requesttype=" + requestType + ")";
+ filter += "(requesttype=" + LDAPUtil.escape(requestType) + ")";
 matches ++;
 }
 if (clientID != null) {
- filter += "(clientID=" + clientID + ")";
+ filter += "(clientID=" + LDAPUtil.escape(clientID) + ")";
 matches ++;
 }
diff --git a/pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java b/pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java
index a78f8ac55..e821db67a 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java
@@ -33,6 +33,32 @@ import netscape.ldap.util.LDIFModifyContent;
 import netscape.ldap.util.LDIFRecord;
 public class LDAPUtil {
+
+ // special chars are *, (, ), \, null
+ public static String SPECIAL_CHARS = "*()\\\000";
+
+ /**
+ * This method escapes special characters for LDAP filter (RFC 4515).
+ * Each special character will be replaced by a backslash followed by
+ * 2-digit hex of the ASCII code.
+ *
+ * @param string string to escape
+ * @return escaped string
+ */
+ public static String escape(String string) {
+ StringBuilder sb = new StringBuilder();
+ for (char c : string.toCharArray()) {
+ if (SPECIAL_CHARS.indexOf(c) >= 0) {
+ sb.append('\\');
+ if (c < 0x10) sb.append('0'); // make sure it's 2-digit
+ sb.append(Integer.toHexString(c));
+ } else {
+ sb.append(c);
+ }
+ }
+ return sb.toString();
+ }
+
 public static void importLDIF(LDAPConnection conn, String filename, ArrayList<String> errors) throws IOException {
 LDIF ldif = new LDIF(filename);
 while (true) { |
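Review bot: In the LDAPUtil hunk, `SPECIAL_CHARS` is declared `public static String` without `final`, so any class on the classpath can reassign it and silently change which characters `escape` neutralises; because it defines the filter-injection boundary it should be `private static final String SPECIAL_CHARS = "*()\\\000";`. `escape` dereferences `string` without a null check, which the callers in this commit guard against, but the Javadoc should state that null is not accepted so later callers do not rely on it. The commit touches three files and none is a test; a small unit test pinning `*`, `(`, `)`, `\` and NUL to `\2a`, `\28`, `\29`, `\5c` and `\00` would keep the escaping from regressing.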