directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From satish gutta <sat.gu...@gmail.com>
Subject Problems with preventing LDAP injection
Date Tue, 29 Sep 2009 15:05:17 GMT
To prevent attacks we scan our LDAP queries for special characters and
replace them with respective unicode values,

we use the following code

public static final String escapeLDAPSearchFilter(String filter) {

 if(filter==null){
 return filter;
 }
     StringBuffer sb = new StringBuffer();
        for (int i = 0; i < filter.length(); i++) {
            char curChar = filter.charAt(i);
            switch (curChar) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\'':
                    sb.append("\\27");
                    break;
                case '\u0000':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(curChar);
            }
        }
        if(logger.isDebugEnabled()){
         logger.debug("LDAP injection escape search filter String
################# : " +sb.toString());
        }
        return sb.toString();
    }

if we query using the following string  '(G*'

our code above successfully returns this '\28G*'

and  further querying LDAP results in the following exception

'javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for
SearchRequest
        baseDn :
'0.9.2342.19200300.100.1.25=portal,0.9.2342.19200300.100.1.25=osc,0.9.2342.19200300.100.1.25=state,0.9.2342.19200300.100.1.25=ny,0.9.2342.19200300.100.1.25=us'
        filter :
'(&:[9223372036854775807](2.5.4.0=portaluser:[9223372036854775807])(&:[9223372036854775807](2.16.840.1.113730.3.2.2.1.12=(g*:[9223372036854775807])(2.16.840.1.113730.3.2.2.1.18=0:[9223372036854775807])))'
        scope : whole subtree
        typesOnly : false
        Size Limit : no limit
        Time Limit : 601
        Deref Aliases : never Deref Aliases
        attributes : 'objectclass', 'cn', 'uid', 'objectclass',
'javaserializeddata', 'javaclassname', 'javafactory', 'javacodebase',
'javareferenceaddress', 'javaclassnames', 'javaremotelocation'
: Unclosed group near index 5
^(g.*

Please let us know if this is a APACHE DS issue or we are missing something
?

Your help in this regard is greatly appreciated.



-- 
Thanks&Regards
Satish.Gutta

Mime
View raw message