From 9edebfb8e972736eb95763b31af9740fca6775b1 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Thu, 28 Oct 2010 20:34:45 -0400 Subject: Sanitize sysdb filters in the LDAP provider --- src/providers/ldap/sdap_async_accounts.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'src/providers/ldap/sdap_async_accounts.c') diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c index 6b14161ce..ab599f8c8 100644 --- a/src/providers/ldap/sdap_async_accounts.c +++ b/src/providers/ldap/sdap_async_accounts.c @@ -2590,6 +2590,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req) errno_t ret; struct sdap_nested_group_ctx *state = tevent_req_data(req, struct sdap_nested_group_ctx); + char *member_dn; char *filter; static const char *attrs[] = SYSDB_PW_ATTRS; size_t count; @@ -2636,10 +2637,15 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req) } while (has_key); + ret = sss_filter_sanitize(state, state->member_dn, &member_dn); + if (ret != EOK) { + goto error; + } + /* Check for the specified origDN in the sysdb */ filter = talloc_asprintf(NULL, "(%s=%s)", SYSDB_ORIG_DN, - state->member_dn); + member_dn); if (!filter) { ret = ENOMEM; goto error; @@ -2657,11 +2663,13 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req) filter = talloc_asprintf(NULL, "(%s=%s)", SYSDB_ORIG_DN, - state->member_dn); + member_dn); if (!filter) { ret = ENOMEM; goto error; } + talloc_zfree(member_dn); + ret = sysdb_search_groups(state, state->sysdb, state->domain, filter, attrs, &count, &msgs); talloc_zfree(filter); @@ -2710,6 +2718,7 @@ static errno_t sdap_nested_group_process_step(struct tevent_req *req) return EAGAIN; } + talloc_zfree(member_dn); /* We found a user with this origDN in the sysdb */ -- cgit
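Review bot: The new local `member_dn` shares its name with `state->member_dn`, so in the later hunks only the `state->` prefix tells the escaped copy from the raw DN inside a filter argument. Naming it for what it holds, for example `char *sanitized_dn = NULL;`, would make any later `talloc_asprintf` that interpolates the raw value stand out in review. Initialising it to NULL also keeps the pointer defined on paths that leave the loop before `sss_filter_sanitize()` runs. The function body starts and ends outside this hunk, so whether such a path ever reads it cannot be seen here.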
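Review bot: The sanitized copy is allocated on `state` but released only on two non-error paths, so the `goto error` taken when either `talloc_asprintf` returns NULL leaves it attached to the request until `state` is freed. This applies here and in the third hunk, where `talloc_zfree(member_dn)` sits after the `if (!filter)` check. It is not a permanent leak, but if this step runs once per group member, as the surrounding loop suggests, the copies accumulate for the life of the request. Placing `talloc_zfree(member_dn);` directly after the second `talloc_asprintf`, and repeating it under the `error` label (outside these hunks), would cover every exit. The two filters are built from identical arguments, so building the string once and reusing it for both searches would let the copy be dropped immediately afterwards.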