author | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-31 13:00:56 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-02-01 07:23:19 -0500 |
commit | 59baf70cd4b4f457a1f333c5dfcbbe9872ac26ef (patch) | |
tree | 8faa1ed8c5e08640de461c72d69841d30b7a4d0d | |
parent | f538f60af6eb89ffada04d42a6645680543c8722 (diff) | |
Sanitize search filters for nested group lookups
-rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 648f9a734..5b6d3d74a 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -3409,6 +3409,7 @@ errno_t save_rfc2307bis_user_memberships(
 {
 errno_t ret, tret;
 char *member_dn;
+ char *sanitized_dn;
 char *filter;
 const char **attrs;
 size_t reply_count, i;
@@ -3447,12 +3448,18 @@ errno_t save_rfc2307bis_user_memberships(
 ret = ENOMEM;
 goto error;
 }
+ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
+ if (ret != EOK) {
+ goto error;
+ }
+ talloc_free(member_dn);
- filter = talloc_asprintf(tmp_ctx, "(member=%s)", member_dn);
+ filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
 if (!filter) {
 ret = ENOMEM;
 goto error;
 }
+ talloc_free(sanitized_dn);
 ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom, filter, attrs, &reply_count, &replies);
@@ -3874,6 +3881,7 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
 const char *name;
 bool in_transaction = false;
 char *member_dn;
+ char *sanitized_dn;
 char *filter;
 const char **attrs;
 size_t reply_count, i;
@@ -3918,12 +3926,18 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
 goto error;
 }
- filter = talloc_asprintf(tmp_ctx, "(member=%s)", member_dn);
+ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
+ if (ret != EOK) {
+ goto error;
+ }
+ talloc_free(member_dn);
+
+ filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
 if (!filter) {
 ret = ENOMEM;
 goto error;
 }
- talloc_free(member_dn);
+ talloc_free(sanitized_dn);
 ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom, filter, attrs, |
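Review bot: The escape-then-format sequence added in save_rfc2307bis_user_memberships is repeated line for line in rfc2307bis_nested_groups_update_sysdb, so the safety of each `(member=%s)` filter depends on every call site remembering the `sss_filter_sanitize` step. A small static helper that takes the raw DN and returns the finished filter would keep escaping and interpolation together; a possible shape is below (the helper name is a suggestion, not an existing function). Both enclosing functions start and end outside their hunks, so whether other filters in them are built from unescaped values cannot be checked from here.

```c
/* Suggested helper: builds "(member=<escaped DN>)" on mem_ctx. */
static errno_t sdap_build_member_filter(TALLOC_CTX *mem_ctx,
                                        const char *member_dn,
                                        char **_filter)
{
    char *sanitized_dn;
    char *filter;
    errno_t ret;

    ret = sss_filter_sanitize(mem_ctx, member_dn, &sanitized_dn);
    if (ret != EOK) {
        return ret;
    }

    filter = talloc_asprintf(mem_ctx, "(member=%s)", sanitized_dn);
    talloc_free(sanitized_dn);
    if (!filter) {
        return ENOMEM;
    }

    *_filter = filter;
    return EOK;
}

/* … unchanged: member_dn construction … */
ret = sdap_build_member_filter(tmp_ctx, member_dn, &filter);
if (ret != EOK) {
    goto error;
}
talloc_free(member_dn);
/* … unchanged: sysdb_search_groups call … */
```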
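Review bot: The new `sss_filter_sanitize` call in rfc2307bis_nested_groups_update_sysdb carries no comment saying why the DN is escaped, and the raw and escaped strings are easy to confuse in later edits. I would add above it `/* member_dn may contain filter metacharacters taken from directory data; escape it so it is matched as a literal value */`, and note beside the declaration that `sanitized_dn` is valid only inside a filter, never as a DN. Where member_dn is built lies above the hunk, so its origin is inferred from the function name rather than visible here. The same comment fits the matching hunk in save_rfc2307bis_user_memberships.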