Escape the hostname before inserting it in an LDAP query.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

diff --git a/mod_vhost_ldap.c b/mod_vhost_ldap.c
index 735706d1171f6aaa0bf429b03c4979f8a3c3c29d..1ed8b174b3178b672d9f1e1f0da57698bb3a777e 100644 (file)
--- a/mod_vhost_ldap.c
+++ b/mod_vhost_ldap.c
@@ -471,7 +471,12 @@ fallback:
     ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
                   "[mod_vhost_ldap.c]: translating %s", r->uri);
 
-    apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, hostname, hostname);
+    struct berval hostnamebv, shostnamebv;
+    ber_str2bv(hostname, 0, 0, &hostnamebv);
+    if (ldap_bv2escaped_filter_value(&hostnamebv, &shostnamebv) != 0)
+       goto null;
+    apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, shostnamebv.bv_val, shostnamebv.bv_val);
+    ber_memfree(shostnamebv.bv_val);
 
     result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
                                       attributes, filtbuf, &dn, &vals);