Bug#387891: libpam-ldap: Hyphens ("-") in Base DN are not properly escaped for use in regular expressions

2016-03-29 Thread Lucas Castro
Can someone say anything about this bug?
I've been trying to reproduce it, but it seems everything is fine.
I can't get the reported error.



Bug#387891: libpam-ldap: Hyphens (-) in Base DN are not properly escaped for use in regular expressions

2007-01-03 Thread Peter Bücker

What about this patch? Is there anything I can do to get it applied?





Bug#387891: libpam-ldap: Hyphens (-) in Base DN are not properly escaped for use in regular expressions

2006-09-17 Thread Peter Bücker
Package: libpam-ldap
Version: 180-1.1
Severity: important
Tags: patch

The package fails to configure due to missing input sanitization in the 
postinst-script. The error occurs if you enter a Base DN containing a hyphen 
during debconf. A similar bug has already been reported for the package 
libnss-ldap and has been fixed via an NMU (bug#377895).
A patch which inserts libnss-ldap's input sanitization code into libpam-ldap's
postinst script is attached.


Steps to reproduce:

1. Install libpam-ldap
2. Enter some Base DN containing a hyphen, e.g. ou=Phil-Fak,o=HHU,c=DE


dpkg reports:

Setting up libpam-ldap (180-1.1) ...
Search pattern not terminated at -e line 1.
dpkg: error processing libpam-ldap (--configure):
 subprocess post-installation script returned error exit status 255
Errors were encountered while processing:
 libpam-ldap
E: Sub-process /usr/bin/dpkg returned an error code (1)

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (800, 'stable'), (700, 'unstable')
Architecture: sparc (sparc64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.16-pf1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libpam-ldap depends on:
ii  debconf [debconf-2.0]   1.5.3          Debian configuration management sy
ii  libc6                   2.3.6.ds1-4    GNU C Library: Shared libraries
ii  libldap2                2.1.30-13+b1   OpenLDAP libraries
ii  libpam0g                0.79-3.2       Pluggable Authentication Modules l

libpam-ldap recommends no packages.

-- debconf information:
* shared/ldapns/base-dn: ou=Phil-Fak,o=HHU,c=de
* shared/ldapns/ldap-server: ldap://ldapserver/
* libpam-ldap/pam_password: exop
* libpam-ldap/binddn:
* libpam-ldap/rootbinddn:
* libpam-ldap/dbrootlogin: false
* libpam-ldap/override: true
* shared/ldapns/ldap_version: 3
* libpam-ldap/dblogin: false
diff -Nru libpam-ldap-180-orig/debian/libpam-ldap.postinst 
libpam-ldap-180/debian/libpam-ldap.postinst
--- libpam-ldap-180-orig/debian/libpam-ldap.postinst2006-09-17 
12:06:33.0 +0200
+++ libpam-ldap-180/debian/libpam-ldap.postinst 2006-09-17 12:07:10.0 
+0200
@@ -21,6 +21,15 @@
parameter=$1
value=$2
commented=0 ; notthere=0
+
+# escape slash and backslash for later regex compat
+# the order is important, first the backslashes
+value=`echo $value | sed -s 's#\\\#\\\#g'`
+# then the slashes
+value=`echo $value | sed -s 's#/#\\\/#g'`
+# escape hyphen in domainnames for later regex compat (ex. 
example-city.net)
+value=`echo $value | sed -s 's#-#\\\-#g'`
+
egrep -i -q ^$parameter  $CONFFILE || notthere=1
if [ $notthere = 1 ]; then
if ( egrep -i -q ^# *$parameter $CONFFILE ); then
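Review bot: the three added substitutions all run `echo $value | sed -s ...` with `$value` unquoted, and they escape only `\`, `/` and `-`. The shell therefore word-splits and glob-expands the value before sed sees it, and any other character that is special in the later regex (for example `.`, `*`, `[` or `$`) still passes through unescaped. Suggest quoting the expansion (`printf '%s\n' "$value"`), dropping `-s` (it only changes how multiple input files are handled and has no effect on a pipe), and doing the escaping in a single sed call with a bracket expression that covers every character the consuming pattern treats as special. As the first expression appears here (`s#\\\#\\\#g`), every `#` after the opening delimiter is preceded by a backslash, so please confirm the command in the real file still has unescaped delimiters. The comment on the hyphen line mentions domain names, while the value being fixed is a Base DN; a comment naming the actual failing input would help the next reader.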
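A different way to avoid the failure described in this report, as an added example that is not part of the original message or of the libpam-ldap package: instead of escaping the Base DN for a later regex, hand it to awk through the environment so it is never parsed as a pattern. This goes beyond the hyphen case and also covers `/`, `\` and `&`; the function names and the config lines in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical names): set "PARAMETER VALUE" in a config file
# without ever placing the value inside a regex or a sed/perl program.

# set_conf_param FILE PARAMETER VALUE
# Rewrites the first active or commented-out PARAMETER line, or appends one.
set_conf_param() {
    conf=$1
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # The value travels through the environment: awk reads ENVIRON[] as raw
    # text, so "-", "/", "\" and "&" need no escaping (unlike awk -v).
    P="$2" V="$3" awk '
        BEGIN { p = tolower(ENVIRON["P"]); v = ENVIRON["V"] }
        !done {
            line = $0
            sub(/^#[ \t]*/, "", line)      # accept a commented-out entry
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) == p) {      # string compare, p is not a regex
                print ENVIRON["P"] " " v
                done = 1
                next
            }
        }
        { print }
        END { if (!done) print ENVIRON["P"] " " v }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Demo on a constructed config file; prints the rewritten file.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# base dc=example,dc=net' 'uri ldap://old/' > "$f"
    set_conf_param "$f" base 'ou=Phil-Fak,o=HHU,c=DE'
    set_conf_param "$f" uri 'ldap://ldapserver/'
    set_conf_param "$f" binddn 'cn=a\b&c,dc=example-city,dc=net'
    cat "$f"; rm -f "$f"
}
```

Calling `demo` prints the three resulting lines with every special character preserved byte for byte.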