Posted to commits@apr.apache.org by mi...@apache.org on 2014/04/21 19:45:59 UTC

svn commit: r1588937 - in /apr/apr/trunk: encoding/apr_escape.c include/apr_escape.h test/testescape.c tools/gen_test_char.c

Author: minfrin
Date: Mon Apr 21 17:45:58 2014
New Revision: 1588937

URL: http://svn.apache.org/r1588937
Log:
Split the ability to filter LDAP escape sequences into DN escaping or filter
escaping, allowing the option to escape both at the same time.

Modified:
    apr/apr/trunk/encoding/apr_escape.c
    apr/apr/trunk/include/apr_escape.h
    apr/apr/trunk/test/testescape.c
    apr/apr/trunk/tools/gen_test_char.c

Modified: apr/apr/trunk/encoding/apr_escape.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/encoding/apr_escape.c?rev=1588937&r1=1588936&r2=1588937&view=diff
==============================================================================
--- apr/apr/trunk/encoding/apr_escape.c (original)
+++ apr/apr/trunk/encoding/apr_escape.c Mon Apr 21 17:45:58 2014
@@ -1181,7 +1181,7 @@ APR_DECLARE(const void *) apr_punescape_
 }
 
 APR_DECLARE(apr_status_t) apr_escape_ldap(char *escaped, const void *str,
-        apr_ssize_t slen, apr_size_t *len)
+        apr_ssize_t slen, int flags, apr_size_t *len)
 {
     apr_size_t size = 1;
     int found = 0;
@@ -1192,7 +1192,8 @@ APR_DECLARE(apr_status_t) apr_escape_lda
     if (s) {
         if (d) {
             while (((c = *s) && slen) || (slen > 0)) {
-                if (TEST_CHAR(c, T_ESCAPE_LDAP)) {
+                if (((flags & APR_ESCAPE_LDAP_DN) && TEST_CHAR(c, T_ESCAPE_LDAP_DN))
+                     || ((flags & APR_ESCAPE_LDAP_FILTER) && TEST_CHAR(c, T_ESCAPE_LDAP_FILTER))) {
                     d = c2x(c, '\\', d);
                     size += 2;
                     found = 1;
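Review bot: The escape predicate is now written out twice, here in the copy loop and again in the length-only loop of the third hunk, and the two copies must agree exactly. apr_pescape_ldap sizes its pool allocation with the NULL-destination pass and then writes with this one, so a later edit to only one copy could let the write pass run past the buffer. Keeping the test in one file-local macro removes that risk, e.g. `#define TEST_LDAP(c, f) ((((f) & APR_ESCAPE_LDAP_DN) && TEST_CHAR((c), T_ESCAPE_LDAP_DN)) || (((f) & APR_ESCAPE_LDAP_FILTER) && TEST_CHAR((c), T_ESCAPE_LDAP_FILTER)))`. The copy in the third hunk also has trailing whitespace after `T_ESCAPE_LDAP_DN))`. The body of apr_escape_ldap starts and ends outside this hunk.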
@@ -1208,7 +1209,8 @@ APR_DECLARE(apr_status_t) apr_escape_lda
         }
         else {
             while (((c = *s) && slen) || (slen > 0)) {
-                if (TEST_CHAR(c, T_ESCAPE_LDAP)) {
+                if (((flags & APR_ESCAPE_LDAP_DN) && TEST_CHAR(c, T_ESCAPE_LDAP_DN)) 
+                     || ((flags & APR_ESCAPE_LDAP_FILTER) && TEST_CHAR(c, T_ESCAPE_LDAP_FILTER))) {
                     size += 2;
                     found = 1;
                 }
@@ -1229,14 +1231,15 @@ APR_DECLARE(apr_status_t) apr_escape_lda
     return APR_SUCCESS;
 }
 
-APR_DECLARE(const char *) apr_pescape_ldap(apr_pool_t *p, const void *src, apr_ssize_t srclen)
+APR_DECLARE(const char *) apr_pescape_ldap(apr_pool_t *p, const void *src,
+        apr_ssize_t srclen, int flags)
 {
     apr_size_t len;
 
-    switch (apr_escape_ldap(NULL, src, srclen, &len)) {
+    switch (apr_escape_ldap(NULL, src, srclen, flags, &len)) {
     case APR_SUCCESS: {
         char *encoded = apr_palloc(p, len);
-        apr_escape_ldap(encoded, src, srclen, NULL);
+        apr_escape_ldap(encoded, src, srclen, flags, NULL);
         return encoded;
     }
     case APR_NOTFOUND: {

Modified: apr/apr/trunk/include/apr_escape.h
URL: http://svn.apache.org/viewvc/apr/apr/trunk/include/apr_escape.h?rev=1588937&r1=1588936&r2=1588937&view=diff
==============================================================================
--- apr/apr/trunk/include/apr_escape.h (original)
+++ apr/apr/trunk/include/apr_escape.h Mon Apr 21 17:45:58 2014
@@ -40,7 +40,22 @@ extern "C" {
  * passed to indicate a string-valued key, and have the length computed
  * automatically.
  */
-#define APR_ESCAPE_STRING     (-1)
+#define APR_ESCAPE_STRING      (-1)
+
+/**
+ * Apply LDAP distinguished name escaping as per RFC4514.
+ */
+#define APR_ESCAPE_LDAP_DN     (0x01)
+
+/**
+ * Apply LDAP filter escaping as per RFC4515.
+ */
+#define APR_ESCAPE_LDAP_FILTER (0x02)
+
+/**
+ * Apply both RFC4514 and RFC4515 LDAP escaping.
+ */
+#define APR_ESCAPE_LDAP_ALL    (0x03)
 
 /**
  * Perform shell escaping on the provided string.
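Review bot: `APR_ESCAPE_LDAP_ALL` is written as the literal `(0x03)` rather than derived from the two flags it combines, so the definitions can drift apart if either bit value changes. Prefer `#define APR_ESCAPE_LDAP_ALL (APR_ESCAPE_LDAP_DN | APR_ESCAPE_LDAP_FILTER)`. The doc comments should also say which context each flag is for, because escaping for the wrong context leaves that context's metacharacters intact. The new DN case in testescape.c shows `(`, `)` and `*` passing through DN escaping untouched, which is correct for a DN but unsafe if the result is placed in a search filter.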
@@ -372,11 +387,13 @@ APR_DECLARE(const void *) apr_punescape_
  * @param dest The destination buffer, can be NULL
  * @param src The original buffer
  * @param srclen The length of the original buffer
+ * @param flags APR_ESCAPE_LDAP_DN for RFC4514, APR_ESCAPE_LDAP_FILTER for
+ * RFC4515, APR_ESCAPE_LDAP_ALL for both
  * @param len If present, returns the length of the string
  * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL
  */
 APR_DECLARE(apr_status_t) apr_escape_ldap(char *dest, const void *src,
-        apr_ssize_t srclen, apr_size_t *len);
+        apr_ssize_t srclen, int flags, apr_size_t *len);
 
 /**
  * Apply LDAP escaping to binary data, and return the results from a
@@ -385,11 +402,13 @@ APR_DECLARE(apr_status_t) apr_escape_lda
  * @param p Pool to allocate from
  * @param src The original buffer
  * @param slen The length of the original buffer
+ * @param flags APR_ESCAPE_LDAP_DN for RFC4514, APR_ESCAPE_LDAP_FILTER for
+ * RFC4515, APR_ESCAPE_LDAP_ALL for both
  * @return A zero padded buffer allocated from the pool on success, or
  * NULL if src was NULL.
  */
 APR_DECLARE(const char *) apr_pescape_ldap(apr_pool_t *p, const void *src,
-        apr_ssize_t slen) __attribute__((nonnull(1)));
+        apr_ssize_t slen, int flags) __attribute__((nonnull(1)));
 
 /** @} */
 #ifdef __cplusplus

Modified: apr/apr/trunk/test/testescape.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/test/testescape.c?rev=1588937&r1=1588936&r2=1588937&view=diff
==============================================================================
--- apr/apr/trunk/test/testescape.c (original)
+++ apr/apr/trunk/test/testescape.c Mon Apr 21 17:45:58 2014
@@ -263,13 +263,37 @@ static void test_escape(abts_case *tc, v
             (len == 4));
 
     src = "Parens R Us (for all your parenthetical needs) plus asterisk* \"+,;<>\\";
+    target = "Parens R Us (for all your parenthetical needs) plus asterisk* \\22\\2b\\2c\\3b\\3c\\3e\\5c";
+    dest = apr_pescape_ldap(pool, src, APR_ESCAPE_STRING, APR_ESCAPE_LDAP_DN);
+    ABTS_ASSERT(tc,
+                apr_psprintf(pool, "ldap escaped (%s) does not match expected output (%s)",
+                             dest, target),
+                (strcmp(dest, target) == 0));
+    apr_escape_ldap(NULL, src, APR_ESCAPE_STRING, APR_ESCAPE_LDAP_DN, &len);
+    ABTS_ASSERT(tc,
+            apr_psprintf(pool, "size mismatch (%" APR_SIZE_T_FMT "!=%" APR_SIZE_T_FMT ")", len, strlen(dest) + 1),
+            (len == strlen(dest) + 1));
+
+    src = "Parens R Us (for all your parenthetical needs) plus asterisk* \"+,;<>\\";
+    target = "Parens R Us \\28for all your parenthetical needs\\29 plus asterisk\\2a \"+,;<>\\5c";
+    dest = apr_pescape_ldap(pool, src, APR_ESCAPE_STRING, APR_ESCAPE_LDAP_FILTER);
+    ABTS_ASSERT(tc,
+                apr_psprintf(pool, "ldap escaped (%s) does not match expected output (%s)",
+                             dest, target),
+                (strcmp(dest, target) == 0));
+    apr_escape_ldap(NULL, src, APR_ESCAPE_STRING, APR_ESCAPE_LDAP_FILTER, &len);
+    ABTS_ASSERT(tc,
+            apr_psprintf(pool, "size mismatch (%" APR_SIZE_T_FMT "!=%" APR_SIZE_T_FMT ")", len, strlen(dest) + 1),
+            (len == strlen(dest) + 1));
+
+    src = "Parens R Us (for all your parenthetical needs) plus asterisk* \"+,;<>\\";
     target = "Parens R Us \\28for all your parenthetical needs\\29 plus asterisk\\2a \\22\\2b\\2c\\3b\\3c\\3e\\5c";
-    dest = apr_pescape_ldap(pool, src, APR_ESCAPE_STRING);
+    dest = apr_pescape_ldap(pool, src, APR_ESCAPE_STRING, APR_ESCAPE_LDAP_ALL);
     ABTS_ASSERT(tc,
-                apr_psprintf(pool, "shell escaped (%s) does not match expected output (%s)",
+                apr_psprintf(pool, "ldap escaped (%s) does not match expected output (%s)",
                              dest, target),
                 (strcmp(dest, target) == 0));
-    apr_escape_ldap(NULL, src, APR_ESCAPE_STRING, &len);
+    apr_escape_ldap(NULL, src, APR_ESCAPE_STRING, APR_ESCAPE_LDAP_ALL, &len);
     ABTS_ASSERT(tc,
             apr_psprintf(pool, "size mismatch (%" APR_SIZE_T_FMT "!=%" APR_SIZE_T_FMT ")", len, strlen(dest) + 1),
             (len == strlen(dest) + 1));
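Review bot: The three cases in this hunk all reuse one printable-ASCII `src`, so nothing here pins the `!isprint(c)` half of the new DN and FILTER table entries or the explicit-length path for binary input. Each flag deserves one case with an embedded NUL and a high-bit byte passed with a real length, e.g. `dest = apr_pescape_ldap(pool, "a\0b", 3, APR_ESCAPE_LDAP_FILTER);`. The expected output would be `a\00b` if c2x emits two lowercase hex digits, as the existing targets suggest. test_escape begins before this hunk, so earlier cases may already cover part of this.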

Modified: apr/apr/trunk/tools/gen_test_char.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/tools/gen_test_char.c?rev=1588937&r1=1588936&r2=1588937&view=diff
==============================================================================
--- apr/apr/trunk/tools/gen_test_char.c (original)
+++ apr/apr/trunk/tools/gen_test_char.c Mon Apr 21 17:45:58 2014
@@ -32,7 +32,8 @@
 #define T_ESCAPE_ECHO         (0x08)
 #define T_ESCAPE_URLENCODED   (0x10)
 #define T_ESCAPE_XML          (0x20)
-#define T_ESCAPE_LDAP         (0x40)
+#define T_ESCAPE_LDAP_DN      (0x40)
+#define T_ESCAPE_LDAP_FILTER  (0x80)
 
 int main(int argc, char *argv[])
 {
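Review bot: `T_ESCAPE_LDAP_FILTER` takes `0x80`, the top bit of the `unsigned char` entries of `test_char_table` (declared in the format string in the next hunk), so the table has no room for another character class. A comment next to the define would warn the next person that a further flag such as `0x100` will not fit the generated table, e.g. `/* 0x80 is the last bit that fits in test_char_table's unsigned char entries; widen the table before adding another class */`.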
@@ -47,7 +48,8 @@ int main(int argc, char *argv[])
            "#define T_ESCAPE_ECHO          (%u)\n"
            "#define T_ESCAPE_URLENCODED    (%u)\n"
            "#define T_ESCAPE_XML           (%u)\n"
-           "#define T_ESCAPE_LDAP          (%u)\n"
+           "#define T_ESCAPE_LDAP_DN       (%u)\n"
+           "#define T_ESCAPE_LDAP_FILTER   (%u)\n"
            "\n"
            "static const unsigned char test_char_table[256] = {",
            T_ESCAPE_SHELL_CMD,
@@ -56,7 +58,8 @@ int main(int argc, char *argv[])
            T_ESCAPE_ECHO,
            T_ESCAPE_URLENCODED,
            T_ESCAPE_XML,
-           T_ESCAPE_LDAP);
+           T_ESCAPE_LDAP_DN,
+           T_ESCAPE_LDAP_FILTER);
 
     for (c = 0; c < 256; ++c) {
         flags = 0;
@@ -109,9 +112,14 @@ int main(int argc, char *argv[])
             flags |= T_ESCAPE_XML;
         }
 
-        /* LDAP DN escaping (RFC4514) and LDAP filter escaping (RFC4515) */
-        if (!isprint(c) || strchr("\"+,;<>\\", c) || strchr("*()\\", c)) {
-            flags |= T_ESCAPE_LDAP;
+        /* LDAP DN escaping (RFC4514) */
+        if (!isprint(c) || strchr("\"+,;<>\\", c)) {
+            flags |= T_ESCAPE_LDAP_DN;
+        }
+
+        /* LDAP filter escaping (RFC4515) */
+        if (!isprint(c) || strchr("*()\\", c)) {
+            flags |= T_ESCAPE_LDAP_FILTER;
         }
 
         printf("%u%c", flags, (c < 255) ? ',' : ' ');
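Review bot: The comment `LDAP DN escaping (RFC4514)` promises more than a per-character table can deliver. RFC 4514 also requires escaping a space or `#` at the start of an attribute value and a space at the end, and those rules are positional. As far as the hunks in apr_escape.c show, the escape loop consults only this table, so a value beginning with `#` or ending in a space would come back from `APR_ESCAPE_LDAP_DN` unchanged. Either handle the first and last byte in apr_escape_ldap when the DN flag is set, or narrow the comment, e.g. `/* LDAP DN escaping (RFC4514 special characters only; leading ' ' or '#' and trailing ' ' are not handled here) */`. The body of main continues outside this hunk.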