From bd24c6f485ac1421053167eabd6e5e963829403b Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Mon, 25 Nov 2013 13:43:30 +0100
Subject: SYSDB: Sanitize filter before sysdb_search_groups

sysdb_delete_user fails with EIO if user does not exist and contains
backslashes.
ldb could not parse filter (&(objectclass=group)(ghost=usr\\\\001)),
because ghost value was not sanitized

Resolves:
https://fedorahosted.org/sssd/ticket/2163
---
 src/db/sysdb_ops.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/db')

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 094c27b7f..eb88cd256 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2539,6 +2539,7 @@ int sysdb_delete_user(struct sysdb_ctx *sysdb,
     struct ldb_message *msg;
     int ret;
     int i;
+    char *sanitized_name;
 
     tmp_ctx = talloc_new(NULL);
     if (!tmp_ctx) {
@@ -2578,7 +2579,13 @@ int sysdb_delete_user(struct sysdb_ctx *sysdb,
         }
     } else if (ret == ENOENT && name != NULL) {
         /* Perhaps a ghost user? */
-        filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_GHOST, name);
+        ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
+        if (ret != EOK) {
+            goto fail;
+        }
+
+        filter = talloc_asprintf(tmp_ctx, "(%s=%s)",
+                                          SYSDB_GHOST, sanitized_name);
         if (filter == NULL) {
             ret = ENOMEM;
             goto fail;
-- 
cgit