diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2008-07-24 17:51:55 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2008-07-24 17:51:55 +0000 |
| commit | 94be06af76ac85e362c42bff5824a5cd04860934 (patch) | |
| tree | 43d24ce38c77d5b5e2d5a1871e012b1025a4b391 /src/backend/libpq/auth.c | |
| parent | e76ef8d58176ee32b0174370c4b1dcfcd07dce9a (diff) | |
| download | postgresql-94be06af76ac85e362c42bff5824a5cd04860934.tar.gz postgresql-94be06af76ac85e362c42bff5824a5cd04860934.zip | |
Fix parsing of LDAP URLs so it doesn't reject spaces in the "suffix" part.
Per report from César Miguel Oliveira Alves.
Diffstat (limited to 'src/backend/libpq/auth.c')
| -rw-r--r-- | src/backend/libpq/auth.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 1a33834485d..fc5e0f4a248 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164 2008/02/08 17:58:46 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.165 2008/07/24 17:51:55 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -1399,8 +1399,14 @@ CheckLDAPAuth(Port *port) } /* - * Crack the LDAP url. We do a very trivial parse.. + * Crack the LDAP url. We do a very trivial parse: + * * ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]] + * + * This code originally used "%127s" for the suffix, but that doesn't + * work for embedded whitespace. We know that tokens formed by + * hba.c won't include newlines, so we can use a "not newline" scanset + * instead. */ server[0] = '\0'; @@ -1410,13 +1416,13 @@ CheckLDAPAuth(Port *port) /* ldap, including port number */ r = sscanf(port->auth_arg, - "ldap://%127[^:]:%d/%127[^;];%127[^;];%127s", + "ldap://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]", server, &ldapport, basedn, prefix, suffix); if (r < 3) { /* ldaps, including port number */ r = sscanf(port->auth_arg, - "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127s", + "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]", server, &ldapport, basedn, prefix, suffix); if (r >= 3) ssl = true; @@ -1425,14 +1431,14 @@ CheckLDAPAuth(Port *port) { /* ldap, no port number */ r = sscanf(port->auth_arg, - "ldap://%127[^/]/%127[^;];%127[^;];%127s", + "ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]", server, basedn, prefix, suffix); } if (r < 2) { /* ldaps, no port number */ r = sscanf(port->auth_arg, - "ldaps://%127[^/]/%127[^;];%127[^;];%127s", + "ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]", server, basedn, prefix, suffix); if (r >= 2) ssl = true; |