View | Details | Raw Unified | Return to bug 24437
Collapse All | Expand All

(-)mod_authnz_ldap.c-HEAD (-5 / +33 lines)
Lines 207-225 Link Here
207
     * LDAP filter metachars are escaped.
207
     * LDAP filter metachars are escaped.
208
     */
208
     */
209
    filtbuf_end = filtbuf + FILTER_LENGTH - 1;
209
    filtbuf_end = filtbuf + FILTER_LENGTH - 1;
210
    for (p = user, q=filtbuf + strlen(filtbuf);
211
         *p && q < filtbuf_end; *q++ = *p++) {
212
#if APR_HAS_MICROSOFT_LDAPSDK
210
#if APR_HAS_MICROSOFT_LDAPSDK
213
        /* Note: The Microsoft SDK escapes for us, so is not necessary */
211
    for (p = user, q=filtbuf + strlen(filtbuf);
212
         *p && q < filtbuf_end; ) {
213
        if (strchr("*()\\", *p) != NULL) {
214
            if ( q + 3 >= filtbuf_end)
215
              break;  /* Don't write part of escape sequence if we can't write all of it */
216
            *q++ = '\\';
217
            switch ( *p++ )
218
            {
219
              case '*':
220
                *q++ = '2';
221
                *q++ = 'a';
222
                break;
223
              case '(':
224
                *q++ = '2';
225
                *q++ = '8';
226
                break;
227
              case ')':
228
                *q++ = '2';
229
                *q++ = '9';
230
                break;
231
              case '\\':
232
                *q++ = '5';
233
                *q++ = 'c';
234
                break;
235
		        }
236
        }
237
        else
238
            *q++ = *p++;
239
    }
214
#else
240
#else
241
    for (p = user, q=filtbuf + strlen(filtbuf);
242
         *p && q < filtbuf_end; *q++ = *p++) {
215
        if (strchr("*()\\", *p) != NULL) {
243
        if (strchr("*()\\", *p) != NULL) {
216
            *q++ = '\\';
244
            *q++ = '\\';
217
            if (q >= filtbuf_end) {
245
            if (q >= filtbuf_end) {
218
                break;
246
              break;
219
            }
247
            }
220
        }
248
        }
221
#endif
222
    }
249
    }
250
#endif
223
    *q = '\0';
251
    *q = '\0';
224
252
225
    /* 
253
    /* 

Return to bug 24437