[Date Prev][Date Next] [Chronological] [Thread] [Top]

servers/slapd/sasl.c username's strpbrk (ITS#664)



Full_Name: mei-hui su
Version: openldap 2.0 latest
OS: solaris 2.7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.9.64.206)


Hi,

  In servers/slapd/sasl.c around line #475

                        } else if ( username[0] == 'u' && username[1] == ':'
                                && username[2] != '\0'
                                && strpbrk( &username[2], "=,;\"\\") == NULL )
<<--

  the strpbrk should not check for '=' because it is possible to have userid
with
'=' as part of attributeTypeAndValue. For example, X.509 userids (i.e. subject
names).

mei