Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.4
sudo.511
sudo-1.7.6p2-ldap_search_escape.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File sudo-1.7.6p2-ldap_search_escape.patch of Package sudo.511
Index: sudo-1.7.6p2/ldap.c =================================================================== --- sudo-1.7.6p2.orig/ldap.c 2011-04-12 17:48:56.000000000 +0200 +++ sudo-1.7.6p2/ldap.c 2011-12-12 12:05:14.443420672 +0100 @@ -994,6 +994,99 @@ } /* + * Determine length of query value after escaping characters + * as per RFC 4515. + */ +static size_t +sudo_ldap_value_len(const char *value) +{ + const char *s; + size_t len = 0; + + for (s = value; *s != '\0'; s++) { + switch (*s) { + case '\\': + case '(': + case ')': + case '*': + len += 2; + break; + } + } + len += (size_t)(s - value); + return len; +} + +/* + * Like strlcat() but escapes characters as per RFC 4515. + */ +static size_t +sudo_ldap_value_cat(char *dst, const char *src, size_t size) +{ + char *d = dst; + const char *s = src; + size_t n = size; + size_t dlen; + + /* Find the end of dst and adjust bytes left but don't go past end */ + while (n-- != 0 && *d != '\0') + d++; + dlen = d - dst; + n = size - dlen; + + if (n == 0) + return dlen + strlen(s); + while (*s != '\0') { + switch (*s) { + case '\\': + if (n < 3) + goto done; + *d++ = '\\'; + *d++ = '5'; + *d++ = 'c'; + n -= 3; + break; + case '(': + if (n < 3) + goto done; + *d++ = '\\'; + *d++ = '2'; + *d++ = '8'; + n -= 3; + break; + case ')': + if (n < 3) + goto done; + *d++ = '\\'; + *d++ = '2'; + *d++ = '9'; + n -= 3; + break; + case '*': + if (n < 3) + goto done; + *d++ = '\\'; + *d++ = '2'; + *d++ = 'a'; + n -= 3; + break; + default: + if (n < 1) + goto done; + *d++ = *s; + n--; + break; + } + s++; + } +done: + *d = '\0'; + while (*s != '\0') + s++; + return dlen + (s - src); /* count does not include NUL */ +} + +/* * Builds up a filter to check against LDAP. */ static char * @@ -1010,18 +1103,18 @@ sz += strlen(ldap_conf.search_filter) + 3; /* Then add (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */ - sz += 29 + strlen(pw->pw_name); + sz += 29 + sudo_ldap_value_len(pw->pw_name); /* Add space for groups */ if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) { - sz += 12 + strlen(grp->gr_name); /* primary group */ + sz += 12 + sudo_ldap_value_len(grp->gr_name); gr_delref(grp); } for (i = 0; i < user_ngroups; i++) { if (user_groups[i] == pw->pw_gid) continue; if ((grp = sudo_getgrgid(user_groups[i])) != NULL) { - sz += 12 + strlen(grp->gr_name); /* supplementary group */ + sz += 12 + sudo_ldap_value_len(grp->gr_name); gr_delref(grp); } } @@ -1044,13 +1137,13 @@ /* Global OR + sudoUser=user_name filter */ (void) strlcat(buf, "(|(sudoUser=", sz); - (void) strlcat(buf, pw->pw_name, sz); + (void) sudo_ldap_value_cat(buf, pw->pw_name, sz); (void) strlcat(buf, ")", sz); /* Append primary group */ if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) { (void) strlcat(buf, "(sudoUser=%", sz); - (void) strlcat(buf, grp->gr_name, sz); + (void) sudo_ldap_value_cat(buf, grp->gr_name, sz); (void) strlcat(buf, ")", sz); gr_delref(grp); } @@ -1061,7 +1154,7 @@ continue; if ((grp = sudo_getgrgid(user_groups[i])) != NULL) { (void) strlcat(buf, "(sudoUser=%", sz); - (void) strlcat(buf, grp->gr_name, sz); + (void) sudo_ldap_value_cat(buf, grp->gr_name, sz); (void) strlcat(buf, ")", sz); gr_delref(grp); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor