]> git.ipfire.org Git - thirdparty/postgresql.git/commitdiff
Fix parsing of LDAP URLs so it doesn't reject spaces in the "suffix" part.
authorTom Lane <tgl@sss.pgh.pa.us>
Thu, 24 Jul 2008 17:51:55 +0000 (17:51 +0000)
committerTom Lane <tgl@sss.pgh.pa.us>
Thu, 24 Jul 2008 17:51:55 +0000 (17:51 +0000)
Per report from César Miguel Oliveira Alves.

src/backend/libpq/auth.c

index 1a33834485d9050c88c59fb246c33364c2e25074..fc5e0f4a24820e1a8e576d7392ae4ccfd831253e 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164 2008/02/08 17:58:46 tgl Exp $
+ *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.165 2008/07/24 17:51:55 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1399,8 +1399,14 @@ CheckLDAPAuth(Port *port)
        }
 
        /*
-        * Crack the LDAP url. We do a very trivial parse..
+        * Crack the LDAP url. We do a very trivial parse:
+        *
         * ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]]
+        *
+        * This code originally used "%127s" for the suffix, but that doesn't
+        * work for embedded whitespace.  We know that tokens formed by
+        * hba.c won't include newlines, so we can use a "not newline" scanset
+        * instead.
         */
 
        server[0] = '\0';
@@ -1410,13 +1416,13 @@ CheckLDAPAuth(Port *port)
 
        /* ldap, including port number */
        r = sscanf(port->auth_arg,
-                          "ldap://%127[^:]:%d/%127[^;];%127[^;];%127s",
+                          "ldap://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
                           server, &ldapport, basedn, prefix, suffix);
        if (r < 3)
        {
                /* ldaps, including port number */
                r = sscanf(port->auth_arg,
-                                  "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127s",
+                                  "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
                                   server, &ldapport, basedn, prefix, suffix);
                if (r >= 3)
                        ssl = true;
@@ -1425,14 +1431,14 @@ CheckLDAPAuth(Port *port)
        {
                /* ldap, no port number */
                r = sscanf(port->auth_arg,
-                                  "ldap://%127[^/]/%127[^;];%127[^;];%127s",
+                                  "ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]",
                                   server, basedn, prefix, suffix);
        }
        if (r < 2)
        {
                /* ldaps, no port number */
                r = sscanf(port->auth_arg,
-                                  "ldaps://%127[^/]/%127[^;];%127[^;];%127s",
+                                  "ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]",
                                   server, basedn, prefix, suffix);
                if (r >= 2)
                        ssl = true;