diff options
Diffstat (limited to 'source4/lib/ldb/common')
| -rw-r--r-- | source4/lib/ldb/common/ldb_dn.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c index 18b620b506..8b9cf4e129 100644 --- a/source4/lib/ldb/common/ldb_dn.c +++ b/source4/lib/ldb/common/ldb_dn.c @@ -41,6 +41,21 @@ #define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed +static int ldb_dn_is_valid_attribute_name(const char *name) +{ + while (*name) { + if (! isascii(*name)) { + return 0; + } + if (! (isalnum(*name) || *name == '-')) { + return 0; + } + name++; + } + + return 1; +} + static char *ldb_dn_escape_value(void *mem_ctx, struct ldb_val value) { const char *p, *s, *src; @@ -250,6 +265,10 @@ static struct ldb_dn_component ldb_dn_explode_component(void *mem_ctx, char *raw if (!dc.name) return dc; + if (! ldb_dn_is_valid_attribute_name(dc.name)) { + goto failed; + } + ret = get_quotes_position(p, &qs, &qe); switch (ret) { |