Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 22:30:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix potential ldap injection

Browse Source 
Signed-off-by: Felix Eckhofer <felix@eckhofer.com>
This commit is contained in:
Felix Eckhofer
2023-02-25 20:27:52 +01:00
committed by Nicola Murino
parent e0cbb966f0
commit 71f691b208
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
examples/ldapauth/main.go
View File

@@ -97,7 +97,7 @@ func main() {
// search the user trying to login and fetch some attributes, this search string is tested against 389ds using the default configuration
log.Printf("username=%s\n", username)
searchFilter := fmt.Sprintf("(uid=%s)", username)
searchFilter := fmt.Sprintf("(uid=%s)", ldap.EscapeFilter(username))
searchRequest := ldap.NewSearchRequest(
"ou=people," + rootDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,