From: Nick Porter Date: Thu, 19 Oct 2023 16:45:12 +0000 (+0100) Subject: Ensure all URI escaping is only done on strings X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=abe980855b04ca8f3356e4a4dec5f49730507310;p=thirdparty%2Ffreeradius-server.git Ensure all URI escaping is only done on strings Xlats already present strings, but there can be cases where the list is not all strings, such as LDAP map. --- diff --git a/src/lib/util/uri.c b/src/lib/util/uri.c index b959316418b..de220408f95 100644 --- a/src/lib/util/uri.c +++ b/src/lib/util/uri.c @@ -54,6 +54,15 @@ int fr_uri_escape(fr_value_box_list_t *uri, fr_uri_part_t const *uri_parts, void return -1; } + /* + * Ensure boxes are strings before attempting to escape. + */ + if (unlikely(uri_vb->type != FR_TYPE_STRING)) { + if (fr_value_box_cast_in_place(uri_vb, uri_vb, FR_TYPE_STRING, uri_vb->enumv) < 0) { + fr_strerror_printf_push("Unable to cast %pV to a string", uri_vb); + } + } + /* * Tainted boxes can only belong to a single part of the URI */ diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 0fae8ac9fd4..596ddb59312 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -445,11 +445,6 @@ static int uri_part_escape(fr_value_box_t *vb, UNUSED void *uctx) */ if (vb->safe == FR_VALUE_BOX_SAFE(1)) return 0; - /* - * Ensure the box is a string before we attempt to escape it - */ - fr_value_box_cast_in_place(vb, vb, FR_TYPE_STRING, vb->enumv); - /* * Maximum space needed for output would be 3 times the input if every * char needed escaping