author | Stephen Gallagher <sgallagh@redhat.com> | 2010-10-28 20:34:45 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-15 09:52:35 -0500 |
commit | 9edebfb8e972736eb95763b31af9740fca6775b1 (patch) | |
tree | 34d355a74f1d6ded198b253b5871a4aac40c9035 /src | |
parent | 0940074366b91dc4005a2b531a99231d1efdeadf (diff) | |
Sanitize sysdb filters in the LDAP provider
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 6b14161ce..ab599f8c8 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -2590,6 +2590,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
 errno_t ret;
 struct sdap_nested_group_ctx *state = tevent_req_data(req, struct sdap_nested_group_ctx);
+ char *member_dn;
 char *filter;
 static const char *attrs[] = SYSDB_PW_ATTRS;
 size_t count;
@@ -2636,10 +2637,15 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
 } while (has_key);
+ ret = sss_filter_sanitize(state, state->member_dn, &member_dn);
+ if (ret != EOK) {
+ goto error;
+ }
+
 /* Check for the specified origDN in the sysdb */
 filter = talloc_asprintf(NULL, "(%s=%s)", SYSDB_ORIG_DN,
- state->member_dn);
+ member_dn);
 if (!filter) {
 ret = ENOMEM;
 goto error;
@@ -2657,11 +2663,13 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
 filter = talloc_asprintf(NULL, "(%s=%s)", SYSDB_ORIG_DN,
- state->member_dn);
+ member_dn);
 if (!filter) {
 ret = ENOMEM;
 goto error;
 }
+ talloc_zfree(member_dn);
+
 ret = sysdb_search_groups(state, state->sysdb, state->domain, filter, attrs, &count, &msgs);
 talloc_zfree(filter);
@@ -2710,6 +2718,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req)
 return EAGAIN;
 }
+ talloc_zfree(member_dn);
 /* We found a user with this origDN in the sysdb */ |
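Review bot: `member_dn` is released only on the two success paths (`talloc_zfree(member_dn);` in the @@ -2657 and @@ -2710 hunks), so both `if (!filter) { ret = ENOMEM; goto error; }` branches leave with the sanitized copy still allocated; in the @@ -2657 hunk the free sits after that check even though `talloc_asprintf` has already copied the string. Because the copy is allocated on `state` it is presumably reclaimed when the request is freed, so this is lifetime hygiene rather than an unbounded leak, but the function returns EAGAIN and looks to be re-entered per member, so keeping it tight is worthwhile. I would declare it as `char *member_dn = NULL;` in this first hunk and move the free in the @@ -2657 hunk to directly after the `talloc_asprintf` call, before `if (!filter)`. The `error` label is outside the visible hunks, so whether it already cleans up cannot be confirmed from here.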
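Review bot: The new `sss_filter_sanitize()` call in the @@ -2636 hunk has no comment saying why the escaped copy exists or that it is meant for filter construction only. I would add above it `/* member_dn is supplied by the LDAP server; escape filter metacharacters before embedding it in a sysdb search filter */`, and note there that `state->member_dn` stays unescaped for any code that stores or compares the DN itself. Without that, a later edit could plausibly switch one of the two `talloc_asprintf` calls back to `state->member_dn`, or reuse the escaped string where the raw DN is expected. A regression test with a member DN containing `*`, `(`, `)` and `\` would pin the behaviour.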