From 48ef7b65db0fb71fbdc0eea6610699b166f50040 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 16 Oct 2011 21:17:59 +0200
Subject: Sanitize DN in sysdb_get_direct_parents

---
 src/db/sysdb_search.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 9c386cae6..6386795c6 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -899,6 +899,7 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
 {
     errno_t ret;
     const char *dn;
+    char *sanitized_dn;
     struct ldb_dn *basedn;
     static const char *group_attrs[] = { SYSDB_NAME, NULL };
     const char *member_filter;
@@ -927,9 +928,14 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
+    ret = sss_filter_sanitize(tmp_ctx, dn, &sanitized_dn);
+    if (ret != EOK) {
+        goto done;
+    }
+
     member_filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s))",
                                     SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS,
-                                    SYSDB_MEMBER, dn);
+                                    SYSDB_MEMBER, sanitized_dn);
     if (!member_filter) {
         ret = ENOMEM;
         goto done;
-- 
cgit