[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
servers/slapd/sasl.c username's strpbrk (ITS#664)
Full_Name: mei-hui su
Version: openldap 2.0 latest
OS: solaris 2.7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.9.64.206)
Hi,
In servers/slapd/sasl.c around line #475
} else if ( username[0] == 'u' && username[1] == ':'
&& username[2] != '\0'
&& strpbrk( &username[2], "=,;\"\\") == NULL )
<<--
the strpbrk should not check for '=' because it is possible to have userid
with
'=' as part of attributeTypeAndValue. For example, X.509 userids (i.e. subject
names).
mei