1 Index: squid/helpers/basic_auth/LDAP/squid_ldap_auth.c
2 diff -c squid/helpers/basic_auth/LDAP/squid_ldap_auth.c:1.21.2.14 squid/helpers/basic_auth/LDAP/squid_ldap_auth.c:1.21.2.15
3 *** squid/helpers/basic_auth/LDAP/squid_ldap_auth.c:1.21.2.14 Tue Aug 10 03:39:29 2004
4 --- squid/helpers/basic_auth/LDAP/squid_ldap_auth.c Sun Jan 16 21:24:14 2005
8 * or (at your option) any later version.
11 + * 2005-01-07: Henrik Nordstrom <hno@squid-cache.org>
12 + * - Added some sanity checks on login names to avoid
13 + * users bypassing equality checks by exploring the
14 + * overly helpful match capabilities of LDAP
15 * 2004-07-17: Henrik Nordstrom <hno@squid-cache.org>
16 * - Corrected non-persistent mode to only issue one
17 * ldap_bind per connection.
34 + /* Make a sanity check on the username to reject oddly typed names */
36 + validUsername(const char *user)
38 + const unsigned char *p = user;
40 + /* Leading whitespace? */
43 + while(p[0] && p[1]) {
44 + if (isspace(p[0])) {
45 + /* More than one consequitive space? */
48 + /* or odd space type character used? */
54 + /* Trailing whitespace? */
61 main(int argc, char **argv)
67 rfc1738_unescape(user);
68 rfc1738_unescape(passwd);
69 + if (!validUsername(user)) {
73 tryagain = (ld != NULL);
75 if (ld == NULL && persistent)
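Review bot: In `validUsername`, the initialisation `const unsigned char *p = user;` converts a `const char *` to a pointer of different signedness without a cast, which compilers diagnose. The unsigned type is the right choice for `isspace()`, so keep it and make the conversion explicit: `const unsigned char *p = (const unsigned char *)user;`. The comment above the function only says it rejects "oddly typed names". It should also say which names are refused (leading, trailing, repeated or non-plain-space whitespace, going by the inline comments), why (per the changelog entry, LDAP's lenient matching can accept a login that later equality checks treat as a different user), and that a non-zero return means acceptable, as the call `if (!validUsername(user))` implies. The inline comment should read `/* More than one consecutive space? */`. Several lines of `validUsername` are not shown in this rendering and `main` continues beyond the hunk, so the rejection path itself could not be reviewed.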