From be434625437ff3dd4cce83a655226c67943e5ceb Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Fri, 12 Nov 2010 09:36:56 -0500
Subject: Sanitize ldap attributes in the config file

https://fedorahosted.org/sssd/ticket/458
---
 src/providers/ldap/sdap.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 95b63d17c..047562f78 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -34,6 +34,7 @@ int sdap_get_map(TALLOC_CTX *memctx,
 struct sdap_attr_map **_map)
 {
 struct sdap_attr_map *map;
+ char *name;
 int i, ret;
 map = talloc_array(memctx, struct sdap_attr_map, num_entries);
@@ -50,8 +51,26 @@ int sdap_get_map(TALLOC_CTX *memctx,
 ret = confdb_get_string(cdb, map, conf_path,
 map[i].opt_name,
 map[i].def_name,
- &map[i].name);
- if ((ret != EOK) || (map[i].def_name && !map[i].name)) {
+ &name);
+ if (ret != EOK) {
+ DEBUG(0, ("Failed to retrieve value for %s\n", map[i].opt_name));
+ talloc_zfree(map);
+ return EINVAL;
+ }
+
+ if (name) {
+ ret = sss_filter_sanitize(map, name, &map[i].name);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not sanitize attribute [%s]\n", name));
+ talloc_zfree(map);
+ return EINVAL;
+ }
+ talloc_zfree(name);
+ } else {
+ map[i].name = NULL;
+ }
+
+ if (map[i].def_name && !map[i].name) {
 DEBUG(0, ("Failed to retrieve value for %s\n", map[i].opt_name));
 if (ret != EOK) {
 talloc_zfree(map);
-- cgit
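Review bot: In the `if (name)` branch of the second hunk, the configured attribute name is passed through `sss_filter_sanitize()`, which (assuming it applies filter-value escaping) rewrites unexpected characters instead of rejecting them. A malformed value in the config file would then silently become a different attribute name, one that is presumably not a valid attribute description wherever the map is used outside a filter value. It would be safer to validate the name against the characters allowed in an attribute description and fail with a message naming `map[i].opt_name`, or at least to log when the sanitized string differs from `name`. Separately, the inner `if (ret != EOK)` in the trailing context is now unreachable because both failure paths return earlier, so a required attribute (`def_name` set, `name` NULL) that is missing is still only logged; if that case is meant to be fatal, the body should be `talloc_zfree(map); return EINVAL;` without the inner test. The enclosing loop and the end of `sdap_get_map` lie outside the hunk, so what follows that block cannot be confirmed from here.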