From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Tue, 9 Sep 2025 05:29:34 +0000 (+0000)
Subject: ext_ldap_group_acl: avoid infinite loop on login containing '%s' (#2217)
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5443b8ff618443484cd75cc5ea1a3a8cc4af38c9;p=thirdparty%2Fsquid.git

ext_ldap_group_acl: avoid infinite loop on login containing '%s' (#2217)
---

diff --git a/src/acl/external/LDAP_group/ext_ldap_group_acl.cc b/src/acl/external/LDAP_group/ext_ldap_group_acl.cc
index 997bd7aa6a..69ba3e3eba 100644
--- a/src/acl/external/LDAP_group/ext_ldap_group_acl.cc
+++ b/src/acl/external/LDAP_group/ext_ldap_group_acl.cc
@@ -747,10 +747,10 @@ searchLDAPGroup(LDAP * ld, const char *group, const char *member, const char *ex
 static void
 formatWithString(std::string &formatted, const std::string &value)
 {
-    size_t start_pos = 0;
+    std::string::size_type start_pos = 0;
     while ((start_pos = formatted.find("%s", start_pos)) != std::string::npos) {
         formatted.replace(start_pos, 2, value);
-        start_pos += 2;
+        start_pos += value.length();
     }
 }