Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 94be06a

Browse files
tglsfdctglsfdc
committed
Fix parsing of LDAP URLs so it doesn't reject spaces in the "suffix" part.
Per report from César Miguel Oliveira Alves.
1 parent e76ef8d commit 94be06a

File tree

1 file changed

+12
-6
lines changed

1 file changed

+12
-6
lines changed

src/backend/libpq/auth.c

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164 2008/02/08 17:58:46 tgl Exp $
11+
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.165 2008/07/24 17:51:55 tgl Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -1399,8 +1399,14 @@ CheckLDAPAuth(Port *port)
13991399
}
14001400

14011401
/*
1402-
* Crack the LDAP url. We do a very trivial parse..
1402+
* Crack the LDAP url. We do a very trivial parse:
1403+
*
14031404
* ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]]
1405+
*
1406+
* This code originally used "%127s" for the suffix, but that doesn't
1407+
* work for embedded whitespace. We know that tokens formed by
1408+
* hba.c won't include newlines, so we can use a "not newline" scanset
1409+
* instead.
14041410
*/
14051411

14061412
server[0] = '\0';
@@ -1410,13 +1416,13 @@ CheckLDAPAuth(Port *port)
14101416

14111417
/* ldap, including port number */
14121418
r = sscanf(port->auth_arg,
1413-
"ldap://%127[^:]:%d/%127[^;];%127[^;];%127s",
1419+
"ldap://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
14141420
server, &ldapport, basedn, prefix, suffix);
14151421
if (r < 3)
14161422
{
14171423
/* ldaps, including port number */
14181424
r = sscanf(port->auth_arg,
1419-
"ldaps://%127[^:]:%d/%127[^;];%127[^;];%127s",
1425+
"ldaps://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
14201426
server, &ldapport, basedn, prefix, suffix);
14211427
if (r >= 3)
14221428
ssl = true;
@@ -1425,14 +1431,14 @@ CheckLDAPAuth(Port *port)
14251431
{
14261432
/* ldap, no port number */
14271433
r = sscanf(port->auth_arg,
1428-
"ldap://%127[^/]/%127[^;];%127[^;];%127s",
1434+
"ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]",
14291435
server, basedn, prefix, suffix);
14301436
}
14311437
if (r < 2)
14321438
{
14331439
/* ldaps, no port number */
14341440
r = sscanf(port->auth_arg,
1435-
"ldaps://%127[^/]/%127[^;];%127[^;];%127s",
1441+
"ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]",
14361442
server, basedn, prefix, suffix);
14371443
if (r >= 2)
14381444
ssl = true;

0 commit comments

Comments
 (0)