From: Graham Leggett <minfrin@apache.org>
Date: Mon, 4 Oct 2004 23:43:20 +0000 (+0000)
Subject: mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
X-Git-Tag: 2.1.1~176
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2e54fb970d0bc6495ae2650edb41287ca8972a2;p=thirdparty%2Fapache%2Fhttpd.git

mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
library handles special characters.
PR:	24437
Obtained from:
Submitted by:	Jess Holle
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105379 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index ef56e33685d..34688b0570d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
+     library handles special characters. PR 24437 [Jess Holle]
+
   *) mod_ldap: fix a bogus error message to tell the user which file
      is causing a potential problem with the LDAP shared memory cache.
      PR 31431 [Graham Leggett]
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 88b7da389ec..226aee94afa 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -207,19 +207,47 @@ static void authn_ldap_build_filter(char *filtbuf,
      * LDAP filter metachars are escaped.
      */
     filtbuf_end = filtbuf + FILTER_LENGTH - 1;
-    for (p = user, q=filtbuf + strlen(filtbuf);
-         *p && q < filtbuf_end; *q++ = *p++) {
 #if APR_HAS_MICROSOFT_LDAPSDK
-        /* Note: The Microsoft SDK escapes for us, so is not necessary */
+    for (p = user, q=filtbuf + strlen(filtbuf);
+         *p && q < filtbuf_end; ) {
+        if (strchr("*()\\", *p) != NULL) {
+            if ( q + 3 >= filtbuf_end)
+              break;  /* Don't write part of escape sequence if we can't write all of it */
+            *q++ = '\\';
+            switch ( *p++ )
+            {
+              case '*':
+                *q++ = '2';
+                *q++ = 'a';
+                break;
+              case '(':
+                *q++ = '2';
+                *q++ = '8';
+                break;
+              case ')':
+                *q++ = '2';
+                *q++ = '9';
+                break;
+              case '\\':
+                *q++ = '5';
+                *q++ = 'c';
+                break;
+		        }
+        }
+        else
+            *q++ = *p++;
+    }
 #else
+    for (p = user, q=filtbuf + strlen(filtbuf);
+         *p && q < filtbuf_end; *q++ = *p++) {
         if (strchr("*()\\", *p) != NULL) {
             *q++ = '\\';
             if (q >= filtbuf_end) {
-                break;
+              break;
             }
         }
-#endif
     }
+#endif
     *q = '\0';
 
     /*