File CVE-2025-61912-escape-nuls-correctly-escape-dn-chars.patch of Package python-ldap.41138

From 6ea80326a34ee6093219628d7690bced50c49a3f Mon Sep 17 00:00:00 2001
From: Simon Pichugin <simon.pichugin@gmail.com>
Date: Fri, 10 Oct 2025 10:46:45 -0700
Subject: [PATCH] Merge commit from fork

Update tests to expect \00 and verify RFC-compliant escaping
---
 Lib/ldap/dn.py     | 3 ++-
 Tests/t_ldap_dn.py | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

Index: python-ldap-3.4.0/Lib/ldap/dn.py
===================================================================
--- python-ldap-3.4.0.orig/Lib/ldap/dn.py
+++ python-ldap-3.4.0/Lib/ldap/dn.py
@@ -26,7 +26,8 @@ def escape_dn_chars(s):
     s = s.replace('>' ,'\\>')
     s = s.replace(';' ,'\\;')
     s = s.replace('=' ,'\\=')
-    s = s.replace('\000' ,'\\\000')
+    # RFC 4514 requires NULL (U+0000) to be escaped as hex pair "\00"
+    s = s.replace('\x00' ,'\\00')
     if s[-1]==' ':
       s = ''.join((s[:-1],'\\ '))
     if s[0]=='#' or s[0]==' ':
Index: python-ldap-3.4.0/Tests/t_ldap_dn.py
===================================================================
--- python-ldap-3.4.0.orig/Tests/t_ldap_dn.py
+++ python-ldap-3.4.0/Tests/t_ldap_dn.py
@@ -49,7 +49,7 @@ class TestDN(unittest.TestCase):
         self.assertEqual(ldap.dn.escape_dn_chars(' '), '\\ ')
         self.assertEqual(ldap.dn.escape_dn_chars('  '), '\\ \\ ')
         self.assertEqual(ldap.dn.escape_dn_chars('foobar '), 'foobar\\ ')
-        self.assertEqual(ldap.dn.escape_dn_chars('f+o>o,b<a;r="\00"'), 'f\\+o\\>o\\,b\\<a\\;r\\=\\"\\\x00\\"')
+        self.assertEqual(ldap.dn.escape_dn_chars('f+o>o,b<a;r="\00"'), r'f\+o\>o\,b\<a\;r\=\"\00\"')
         self.assertEqual(ldap.dn.escape_dn_chars('foo\\,bar'), 'foo\\\\\\,bar')
 
     def test_str2dn(self):

Places

File CVE-2025-61912-escape-nuls-correctly-escape-dn-chars.patch of Package python-ldap.41138

Places