question on ldap_escape_func in rlm_ldap.c (author: Kostas Kalevras)
Qin Zhen
qin.zhen at pacific.net.sg
Wed Dec 7 10:44:30 CET 2005
Hi All,
I'm new to Radius, now encountered problems with ldap_escape_func in rlm_ldap. please help me since it's really a bit urgent.
the comments regarding to this function is 'Add an ldap_escape_func. Escape the * character from the filter so that we can avoid the trivial DoS of username=*'. if i was not wrong, this function intends to filter out the * which follows the username, i.e, if username is 'userid*' in access-request packet, ldapsearch is only based on 'userid'. but what's the purpose for doing this and is it secure? or did i misunderstand the comments?
the lastest version freeradius-1.0.5 has a slightly different version for this piece of code,
*****************************************************************
freeradius-1.0.5
if (strchr("*=\\,()", *in)) {
static const char *hex = "0123456789abcdef";
if (outlen <= 3) break;
*(out++) = '\\';
*(out++) = hex[((*in) >> 4) & 0x0f];
*(out++) = hex[(*in) & 0x0f];
outlen -= 3;
continue;
}
**************************************************************
freeradius-1.0.4 and previous
if (strchr("*", *in)) {
in++;
outlen--;
continue;
}
i couldn't figure out what does the change intend to do, is it to filter out '*', '\\', '()' and '=' from username? and why should it be in that way? please help me. thanks a lot in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051207/c4501cfd/attachment.html>
More information about the Freeradius-Users
mailing list