On Fri, Nov 12, 2010 at 10:12:51AM -0500, Stephen Gallagher wrote:
> https://fedorahosted.org/sssd/ticket/458
>
> Previously, it was possible to perform a sort of LDAP filter injection
> with careful crafting of the ldap attributes in the config file.
>
> This guarantees that any attribute specified in the config file is
> escaped properly, resulting in an inability to inject subfilters.
>
>
> Note: this was not a security issue, as it was editable only by root and
> even then, all checks were performed on the server, not the client.
>
> + > + if (name) { > + ret = sss_filter_sanitize(map, name, &map[i].name); > + talloc_zfree(name);
NACK, please check ret.

bye,
Sumit

> + } else { > + map[i].name = NULL; > + } > +
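
Review bot: in the if (name) branch, ret from sss_filter_sanitize(map, name, &map[i].name) is assigned and then ignored: the next visible statement is talloc_zfree(name), and nothing tests ret before the else branch. If the sanitize call fails, map[i].name is left holding whatever the call did or did not write, and the caller gets no sign that the attribute was never escaped. Test ret immediately after the call (freeing name on both paths) and leave through the function's error handling on failure, so an unescaped attribute cannot end up in a filter.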
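
The escaping the commit message describes, as an added C example (not SSSD's sss_filter_sanitize and not code from the patch): it escapes the RFC 4515 filter metacharacters in a config-supplied attribute name and checks the return code before the result is used. The function names, buffer sizes and the sample attribute value are assumptions constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape the characters RFC 4515 treats as filter syntax: * ( ) \
 * Returns 0 on success, -1 if out is too small (the caller must check). */
static int filter_escape(const char *in, char *out, size_t outlen)
{
    size_t o = 0;

    if (outlen == 0) return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (outlen - o < 4) return -1;      /* "\xx" plus NUL */
            snprintf(out + o, 4, "\\%02x", (unsigned)c);
            o += 3;
        } else {
            if (outlen - o < 2) return -1;      /* one char plus NUL */
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return 0;
}

/* Build "(attr=value)" from a config-supplied attribute name and a lookup
 * value, escaping both. Returns 0 on success, -1 on any failure. */
static int build_filter(const char *attr, const char *value,
                        char *out, size_t outlen)
{
    char a[128], v[128];
    int n;

    if (filter_escape(attr, a, sizeof(a)) != 0) return -1;
    if (filter_escape(value, v, sizeof(v)) != 0) return -1;
    n = snprintf(out, outlen, "(%s=%s)", a, v);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char f[256];

    /* Constructed config value: an attribute name containing parentheses. */
    if (build_filter("uid)(cn", "alice", f, sizeof(f)) != 0) {
        fprintf(stderr, "refusing to build filter\n");
        return 1;
    }
    printf("%s\n", f);   /* one equality term, no extra subfilter */
    return 0;
}
```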