From 37dfc03f1b54451bda18671bd9d569caa4f85c57 Mon Sep 17 00:00:00 2001
From: Arthur de Jong
Date: Sun, 1 Nov 2009 14:40:45 +0000
Subject: also do proper escaping in mkfilter_group_bymember()

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1013 ef36b2f9-881f-0410-afb5-c4e39611909c
---
 nslcd/group.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
(limited to 'nslcd')
diff --git a/nslcd/group.c b/nslcd/group.c
index 0558651..e89efa8 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -109,19 +109,27 @@ static int mkfilter_group_bymember(MYLDAP_SESSION *session,
 char *buffer,size_t buflen)
 {
 char buf[80],*dn;
+ char safeuid[80];
+ char safedn[1024];
+ /* escape attribute */
+ if(myldap_escape(uid,safeuid,sizeof(safeuid)))
+ return -1;
 /* try to translate uid to DN */
 dn=uid2dn(session,uid,buf,sizeof(buf));
 if (dn==NULL)
 return mysnprintf(buffer,buflen,
 "(&%s(%s=%s))",
 group_filter,
- attmap_group_memberUid,uid);
- else /* also lookup using user DN */
- return mysnprintf(buffer,buflen,
- "(&%s(|(%s=%s)(%s=%s)))",
- group_filter,
- attmap_group_memberUid,uid,
- attmap_group_uniqueMember,dn);
+ attmap_group_memberUid,safeuid);
+ /* escape DN */
+ if(myldap_escape(dn,safedn,sizeof(safedn)))
+ return -1;
+ /* also lookup using user DN */
+ return mysnprintf(buffer,buflen,
+ "(&%s(|(%s=%s)(%s=%s)))",
+ group_filter,
+ attmap_group_memberUid,safeuid,
+ attmap_group_uniqueMember,safedn);
 }
 
 void group_init(void)
-- cgit v1.2.3
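Review bot: The raw `uid` is still what gets passed to `uid2dn(session,uid,buf,sizeof(buf))`, so the filter escaping added here only holds end to end if uid2dn() escapes the value itself before building its own search filter; that function is not visible in this hunk and should be checked. Passing the unescaped value is correct if it does (handing it `safeuid` would double-escape), so a comment such as `/* uid is passed raw on purpose: uid2dn() must do its own filter escaping */` above the call would record that dependency. Separately, `buf` stays at 80 bytes while `safedn` is 1024, so a DN longer than `buf` presumably makes uid2dn() return NULL and the lookup quietly falls back to the memberUid-only filter, missing uniqueMember groups; `char buf[1024],*dn;` would keep the two sizes consistent. The new `return -1;` paths assume callers treat any non-zero result like a mysnprintf() failure, and the function's signature begins above the hunk, so neither can be confirmed from here.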