httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject cvs commit: httpd-2.0/modules/aaa mod_authnz_ldap.c
Date Mon, 04 Oct 2004 23:43:20 GMT
minfrin     2004/10/04 16:43:20

  Modified:    .        CHANGES
               modules/aaa mod_authnz_ldap.c
  Log:
  mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
  library handles special characters.
  PR:	24437
  Submitted by:	Jess Holle
  
  Revision  Changes    Path
  1.1608    +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1607
  retrieving revision 1.1608
  diff -u -r1.1607 -r1.1608
  --- CHANGES	3 Oct 2004 16:44:05 -0000	1.1607
  +++ CHANGES	4 Oct 2004 23:43:19 -0000	1.1608
  @@ -2,6 +2,9 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
  +     library handles special characters. PR 24437 [Jess Holle]
  +
     *) mod_ldap: fix a bogus error message to tell the user which file
        is causing a potential problem with the LDAP shared memory cache.
        PR 31431 [Graham Leggett]
  
  
  
  1.4       +33 -5     httpd-2.0/modules/aaa/mod_authnz_ldap.c
  
  Index: mod_authnz_ldap.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_authnz_ldap.c,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- mod_authnz_ldap.c	19 Aug 2004 18:08:19 -0000	1.3
  +++ mod_authnz_ldap.c	4 Oct 2004 23:43:20 -0000	1.4
  @@ -207,19 +207,47 @@
        * LDAP filter metachars are escaped.
        */
       filtbuf_end = filtbuf + FILTER_LENGTH - 1;
  -    for (p = user, q=filtbuf + strlen(filtbuf);
  -         *p && q < filtbuf_end; *q++ = *p++) {
   #if APR_HAS_MICROSOFT_LDAPSDK
  -        /* Note: The Microsoft SDK escapes for us, so is not necessary */
  +    for (p = user, q=filtbuf + strlen(filtbuf);
  +         *p && q < filtbuf_end; ) {
  +        if (strchr("*()\\", *p) != NULL) {
  +            if ( q + 3 >= filtbuf_end)
  +              break;  /* Don't write part of escape sequence if we can't write all of it
*/
  +            *q++ = '\\';
  +            switch ( *p++ )
  +            {
  +              case '*':
  +                *q++ = '2';
  +                *q++ = 'a';
  +                break;
  +              case '(':
  +                *q++ = '2';
  +                *q++ = '8';
  +                break;
  +              case ')':
  +                *q++ = '2';
  +                *q++ = '9';
  +                break;
  +              case '\\':
  +                *q++ = '5';
  +                *q++ = 'c';
  +                break;
  +		        }
  +        }
  +        else
  +            *q++ = *p++;
  +    }
   #else
  +    for (p = user, q=filtbuf + strlen(filtbuf);
  +         *p && q < filtbuf_end; *q++ = *p++) {
           if (strchr("*()\\", *p) != NULL) {
               *q++ = '\\';
               if (q >= filtbuf_end) {
  -                break;
  +              break;
               }
           }
  -#endif
       }
  +#endif
       *q = '\0';
   
       /* 
  
  
  

Mime
View raw message