To prevent attacks we scan our LDAP queries for special characters and
replace them with their respective Unicode values. We use the following
code:
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;

    public final class LdapFilterEscaper {

        // The original post does not show the logger declaration or the
        // enclosing class; SLF4J and the class name are assumed here.
        private static final Logger logger =
                LoggerFactory.getLogger(LdapFilterEscaper.class);

        // Replaces LDAP filter metacharacters with their \XX hex escapes.
        // Note that '*' is not in the switch, so it passes through unchanged
        // and is still interpreted as a wildcard by the server.
        public static final String escapeLDAPSearchFilter(String filter) {
            if (filter == null) {
                return filter;
            }
            StringBuilder sb = new StringBuilder(filter.length());
            for (int i = 0; i < filter.length(); i++) {
                char curChar = filter.charAt(i);
                switch (curChar) {
                    case '\\':
                        sb.append("\\5c");
                        break;
                    case '(':
                        sb.append("\\28");
                        break;
                    case ')':
                        sb.append("\\29");
                        break;
                    case '\'':
                        sb.append("\\27");
                        break;
                    case '\u0000':
                        sb.append("\\00");
                        break;
                    default:
                        sb.append(curChar);
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("LDAP injection escape search filter String "
                        + "################# : " + sb);
            }
            return sb.toString();
        }
    }
If we query using the following string '(G*',
our code above successfully returns '\28G*',
and further querying LDAP results in the following exception:
'javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for
SearchRequest
baseDn :
'0.9.2342.19200300.100.1.25=portal,0.9.2342.19200300.100.1.25=osc,0.9.2342.19200300.100.1.25=state,0.9.2342.19200300.100.1.25=ny,0.9.2342.19200300.100.1.25=us'
filter :
'(&:[9223372036854775807](2.5.4.0=portaluser:[9223372036854775807])(&:[9223372036854775807](2.16.840.1.113730.3.2.2.1.12=(g*:[9223372036854775807])(2.16.840.1.113730.3.2.2.1.18=0:[9223372036854775807])))'
scope : whole subtree
typesOnly : false
Size Limit : no limit
Time Limit : 601
Deref Aliases : never Deref Aliases
attributes : 'objectclass', 'cn', 'uid', 'objectclass',
'javaserializeddata', 'javaclassname', 'javafactory', 'javacodebase',
'javareferenceaddress', 'javaclassnames', 'javaremotelocation'
: Unclosed group near index 5
^(g.*
Please let us know if this is an APACHE DS issue or if we are missing
something?
Your help in this regard is greatly appreciated.
--
Thanks&Regards
Satish.Gutta
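
Added example (not part of the original post, and not Apache DS code). The
function posted above escapes '(', ')', '\', NUL and the single quote, but
not '*'. RFC 4515 section 3 lists exactly five characters that must be
escaped inside an assertion value: '*' (\2a), '(' (\28), ')' (\29), '\'
(\5c) and NUL (\00); the single quote needs no escaping, though escaping it
is harmless. Because the trailing '*' in '\28G*' survives, the assertion
'(attr=\28G*)' is a substring filter whose initial value decodes to '(G',
which is what the logged filter shows as '(g*' after case normalisation,
and what the server then tries to compile into the regex '^(g.*'. The code
below escapes all five characters so the same input becomes a literal
equality assertion, and includes a small check that reports whether an
escaped value still carries an unescaped wildcard. The class and method
names, and the sample inputs, are invented for the example.

```java
import java.util.Arrays;
import java.util.List;

// Added example, not from the original post. Class and method names are
// invented for illustration.
public final class Rfc4515FilterEscape {

    // Escape an assertion value per RFC 4515 section 3: the five characters
    // '*', '(', ')', '\' and NUL become their backslash-hex form. Everything
    // else, including the single quote, is legal as-is in a filter value.
    public static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':     sb.append("\\5c"); break;
                case '*':      sb.append("\\2a"); break;
                case '(':      sb.append("\\28"); break;
                case ')':      sb.append("\\29"); break;
                case '\u0000': sb.append("\\00"); break;
                default:       sb.append(c);
            }
        }
        return sb.toString();
    }

    // Build a single equality filter. The attribute name is trusted here and
    // must never be taken from user input.
    public static String equalityFilter(String attribute, String rawValue) {
        return "(" + attribute + "=" + escapeFilterValue(rawValue) + ")";
    }

    // Report whether an already-escaped value still holds an unescaped '*',
    // which would make the server treat the assertion as a substring match.
    public static boolean containsWildcard(String escapedValue) {
        for (int i = 0; i < escapedValue.length(); i++) {
            char c = escapedValue.charAt(i);
            if (c == '\\') {
                i += 2;          // skip the two hex digits of a \XX escape
            } else if (c == '*') {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including the one from the post.
        List<String> inputs = Arrays.asList(
                "(G*", "portaluser", "a*b", "x)(uid=*", "back\\slash");
        for (String in : inputs) {
            String escaped = escapeFilterValue(in);
            System.out.printf("%-12s -> %-22s wildcard=%-5b %s%n",
                    in, escaped, containsWildcard(escaped),
                    equalityFilter("uid", in));
        }
        // The value the posted escaper produces for '(G*' keeps its wildcard.
        System.out.println("\\28G*  wildcard=" + containsWildcard("\\28G*"));
    }
}
```

With this escaper the input '(G*' becomes '\28G\2a' and the filter
'(uid=\28G\2a)', a plain equality assertion the server compares literally,
so the substring path that produced the regex error is never reached. The
check on '\28G*' returns true, which is the quickest way to spot that an
escaper is letting the wildcard through.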