From: Reed Loden <reed@reedloden.com>
Date: Thu, 30 Aug 2012 18:28:58 +0000 (+0200)
Subject: Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead... 
X-Git-Tag: bugzilla-4.0.8~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c7e33858489311190b6b8c1ed1cfadd6eb035a52;p=thirdparty%2Fbugzilla.git

Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead to LDAP injection
r/a=LpSolit
---

diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm
index cdc802ca05..0f10f9fbfe 100644
--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/Verify/LDAP.pm
@@ -41,6 +41,7 @@ use Bugzilla::User;
 use Bugzilla::Util;
 
 use Net::LDAP;
+use Net::LDAP::Util qw(escape_filter_value);
 
 use constant admin_can_create_account => 0;
 use constant user_can_create_account  => 0;
@@ -144,6 +145,7 @@ sub check_credentials {
 
 sub _bz_search_params {
     my ($username) = @_;
+    $username = escape_filter_value($username);
     return (base   => Bugzilla->params->{"LDAPBaseDN"},
             scope  => "sub",
             filter => '(&(' . Bugzilla->params->{"LDAPuidattribute"}