[SSSD] [sssd PR#178][synchronized] UTIL: Sanitize newline characters.

Mon, 06 Mar 2017 02:29:24 -0800 

   URL: https://github.com/SSSD/sssd/pull/178
Author: vtapia
 Title: #178: UTIL: Sanitize newline characters.
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/178/head:pr178
git checkout pr178

From 2f8f40ded5cbafb816d37ef9a29b74928ef6e473 Mon Sep 17 00:00:00 2001
From: Victor Tapia <victor.ta...@canonical.com>
Date: Thu, 2 Mar 2017 14:57:08 +0100
Subject: [PATCH 1/2] UTIL: Sanitize newline characters.

Introducing valid usernames with a trailing newline character triggers
the removal of valid LDB cache entries

Resolves:
https://fedorahosted.org/sssd/ticket/3317
---
 src/util/util.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/util/util.c b/src/util/util.c
index 885f67e..af2e910 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -589,6 +589,14 @@ errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
             output[j++] = '5';
             output[j++] = 'c';
             break;
+        case '\n':
+            output[j++] = '\\';
+            output[j++] = '0';
+            output[j++] = 'd';
+            output[j++] = '\\';
+            output[j++] = '0';
+            output[j++] = 'a';
+            break;
         default:
             output[j++] = input[i];
         }

From 2a1f56e889a5374f35b4750e0c5edaa23396ce17 Mon Sep 17 00:00:00 2001
From: Victor Tapia <victor.ta...@canonical.com>
Date: Mon, 6 Mar 2017 11:27:06 +0100
Subject: [PATCH 2/2] UTIL: Sanitize newline and carriage return characters.

Introducing valid usernames with a trailing newline character triggers
the removal of valid LDB cache entries.

Resolves:
https://fedorahosted.org/sssd/ticket/3317
---
 src/util/util.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/util/util.c b/src/util/util.c
index af2e910..a528f0c 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -589,10 +589,12 @@ errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
             output[j++] = '5';
             output[j++] = 'c';
             break;
-        case '\n':
+        case '\r':
             output[j++] = '\\';
             output[j++] = '0';
             output[j++] = 'd';
+            break;
+        case '\n':
             output[j++] = '\\';
             output[j++] = '0';
             output[j++] = 'a';

_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

Reply via email to