From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 29 Oct 2025 08:11:09 +0000 (+0100)
Subject: openldap/ldap; check for binary attribute case insensitively
X-Git-Tag: curl-8_17_0~72
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a97f9d41cc01c733cec085008d644397ee6edd74;p=thirdparty%2Fcurl.git

openldap/ldap; check for binary attribute case insensitively

This bug was found with ZeroPath

Fixes #19240
Reported-by: Joshua Rogers
Closes #19273
---

diff --git a/lib/ldap.c b/lib/ldap.c
index 8db1f41338..f0bc2f2a37 100644
--- a/lib/ldap.c
+++ b/lib/ldap.c
@@ -623,7 +623,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
           }
 
           if((attr_len > 7) &&
-             (strcmp(";binary", attr + (attr_len - 7)) == 0)) {
+             curl_strequal(";binary", attr + (attr_len - 7)) ) {
             /* Binary attribute, encode to base64. */
             if(vals[i]->bv_len) {
               result = curlx_base64_encode(vals[i]->bv_val, vals[i]->bv_len,
diff --git a/lib/openldap.c b/lib/openldap.c
index dbf2f5f4f3..f06587f017 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -1096,7 +1096,6 @@ static CURLcode oldap_recv(struct Curl_easy *data, int sockindex, char *buf,
   BerElement *ber = NULL;
   struct timeval tv = {0, 0};
   struct berval bv, *bvals;
-  bool binary = FALSE;
   CURLcode result = CURLE_AGAIN;
   int code;
   char *info = NULL;
@@ -1167,6 +1166,7 @@ static CURLcode oldap_recv(struct Curl_easy *data, int sockindex, char *buf,
         rc == LDAP_SUCCESS;
         rc = ldap_get_attribute_ber(li->ld, msg, ber, &bv, &bvals)) {
       int i;
+      bool binary;
 
       if(!bv.bv_val)
         break;
@@ -1180,7 +1180,7 @@ static CURLcode oldap_recv(struct Curl_easy *data, int sockindex, char *buf,
       }
 
       binary = bv.bv_len > 7 &&
-        !strncmp(bv.bv_val + bv.bv_len - 7, ";binary", 7);
+        curl_strnequal(bv.bv_val + bv.bv_len - 7, ";binary", 7);
 
       for(i = 0; bvals[i].bv_val != NULL; i++) {
         bool binval = FALSE;