From 73ce13be5aa9ae541472bc6a8a2f7de8dd2db34 Mon Sep 17 00:00:00 2001
From: Christophe Jaillet
Date: Sat, 19 Feb 2022 13:47:02 UTC
Subject: [PATCH] Merge r1589986 r1589985 r1633528 from trunk *) Add the ldap function to the expression API, allowing ldap filters and distinguished names based on expression to be excaped correctly to guared against LDAP injection. Conflict:NA Reference:https://github.com/apache/httpd/commit/73ce13be5aa9ae5414772bc6a8a2f7de8dd2db34
---
 server/util_expr_eval.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/server/util_expr_eval.c b/server/util_expr_eval.c
index 2e031d0..75295ba 100644
--- a/server/util_expr_eval.c
+++ b/server/util_expr_eval.c
@@ -32,6 +32,10 @@
 #include "apr_fnmatch.h"
 #include "apr_base64.h"
 #include "apr_sha1.h"
+#include "apr_version.h"
+#if APR_VERSION_AT_LEAST(1,5,0)
+#include "apr_escape.h"
+#endif
 #include /* for INT_MAX */
@@ -1087,9 +1091,16 @@ static const char *sha1_func(ap_expr_eval_ctx_t *ctx, const void *data,
 static const char *md5_func(ap_expr_eval_ctx_t *ctx, const void *data,
 const char *arg)
 {
- return ap_md5(ctx->p, (const unsigned char *)arg);
+ return ap_md5(ctx->p, (const unsigned char *)arg);
 }
+#if APR_VERSION_AT_LEAST(1,6,0)
+static const char *ldap_func(ap_expr_eval_ctx_t *ctx, const void *data,
+ const char *arg)
+{
+ return apr_pescape_ldap(ctx->p, arg, APR_ESCAPE_STRING, APR_ESCAPE_LDAP_ALL);
+}
+#endif
 #define MAX_FILE_SIZE 10*1024*1024
 static const char *file_func(ap_expr_eval_ctx_t *ctx, const void *data,
@@ -1667,6 +1678,9 @@ static const struct expr_provider_single string_func_providers[] = {
 { unbase64_func, "unbase64", NULL, 0 },
 { sha1_func, "sha1", NULL, 0 },
 { md5_func, "md5", NULL, 0 },
+#if APR_VERSION_AT_LEAST(1,6,0)
+ { ldap_func, "ldap", NULL, 0 },
+#endif
 { NULL, NULL, NULL}
 };
--
2.23.0
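Review bot: The include added in the first hunk is guarded by `APR_VERSION_AT_LEAST(1,5,0)`, but `ldap_func` and its `string_func_providers` entry in the two later hunks are guarded by `APR_VERSION_AT_LEAST(1,6,0)`, and nothing in the patch explains the difference. If the split is intentional (the header presumably predates `apr_pescape_ldap`), a comment on the include such as `/* apr_escape.h: APR >= 1.5.0; apr_pescape_ldap(): APR >= 1.6.0 */` would keep a later cleanup from changing one threshold without the other. The consequence for operators also deserves a line of documentation: built against an older APR the `ldap` function is not registered at all, so an expression that depends on it for escaping should be expected to be rejected on such a build rather than evaluated unescaped, which is worth confirming with a test configuration.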
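Review bot: `ldap_func` in the second hunk is added without a comment saying what its output is safe for, which is the one thing a configuration author needs to know before relying on it against LDAP injection. The call passes `APR_ESCAPE_LDAP_ALL`, so I would add above the function `/* Escape arg for use as a value inside an LDAP filter or distinguished name; data is unused. */`. The return value of `apr_pescape_ldap` is handed back unchecked: as I read the APR contract it returns the input pointer when nothing needs escaping, so a NULL `arg` would presumably come back as NULL; `md5_func` in the same hunk makes the same non-NULL assumption, so this needs confirming against the evaluator rather than a code change here. The hunk also re-indents the `return` in `md5_func`, which is unrelated to the backport and could be dropped to keep the security change minimal.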