author | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-31 13:00:56 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-02-15 07:34:55 -0500 |
commit | f30072b92b45d2464d4a3ab7e3409073f5b473ab (patch) | |
tree | 80f5dd39e7e0fb6dd623c821f03efa9db0bd1ab0 /src | |
parent | a1af9beb915e96da634b7d17762bf42146104d45 (diff) | |
Sanitize search filters for nested group lookups
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 648f9a73..5b6d3d74 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -3409,6 +3409,7 @@ errno_t save_rfc2307bis_user_memberships(
 {
 errno_t ret, tret;
 char *member_dn;
+ char *sanitized_dn;
 char *filter;
 const char **attrs;
 size_t reply_count, i;
@@ -3447,12 +3448,18 @@ errno_t save_rfc2307bis_user_memberships(
 ret = ENOMEM;
 goto error;
 }
+ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
+ if (ret != EOK) {
+ goto error;
+ }
+ talloc_free(member_dn);
- filter = talloc_asprintf(tmp_ctx, "(member=%s)", member_dn);
+ filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
 if (!filter) {
 ret = ENOMEM;
 goto error;
 }
+ talloc_free(sanitized_dn);
 ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom, filter, attrs, &reply_count, &replies);
@@ -3874,6 +3881,7 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
 const char *name;
 bool in_transaction = false;
 char *member_dn;
+ char *sanitized_dn;
 char *filter;
 const char **attrs;
 size_t reply_count, i;
@@ -3918,12 +3926,18 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
 goto error;
 }
- filter = talloc_asprintf(tmp_ctx, "(member=%s)", member_dn);
+ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
+ if (ret != EOK) {
+ goto error;
+ }
+ talloc_free(member_dn);
+
+ filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
 if (!filter) {
 ret = ENOMEM;
 goto error;
 }
- talloc_free(member_dn);
+ talloc_free(sanitized_dn);
 ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom, filter, attrs, |
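Review bot: The escape-then-format sequence added in save_rfc2307bis_user_memberships (hunk at -3447) is repeated line for line in rfc2307bis_nested_groups_update_sysdb (hunk at -3918), so whether the `(member=%s)` value is escaped depends on every call site remembering to do it, and neither site says why the DN is escaped. Moving both steps into one static helper keeps the escaping next to the filter format and gives a single place for that comment. member_dn is built outside both hunks, so I am assuming it can carry characters that originate in directory data. The sketch below uses only calls visible in the hunks plus a proposed helper name; each call site would reduce to `ret = build_member_filter(tmp_ctx, member_dn, &filter);` followed by `if (ret != EOK) goto error;`. Both function bodies start and end outside the hunks.

```c
/* Proposed helper: build the "(member=<dn>)" search filter with the DN
 * escaped, so filter metacharacters in the DN cannot change the filter's
 * structure. The result is allocated on mem_ctx. */
static errno_t build_member_filter(TALLOC_CTX *mem_ctx,
                                   const char *member_dn,
                                   char **_filter)
{
    errno_t ret;
    char *sanitized_dn;

    ret = sss_filter_sanitize(mem_ctx, member_dn, &sanitized_dn);
    if (ret != EOK) {
        return ret;
    }

    *_filter = talloc_asprintf(mem_ctx, "(member=%s)", sanitized_dn);
    talloc_free(sanitized_dn);

    return (*_filter != NULL) ? EOK : ENOMEM;
}
```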