Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead to LDAP injection

r/a=LpSolit
author: Reed Loden <reed@reedloden.com> 2012-08-30 20:26:01 +0200
committer: Frédéric Buclin <LpSolit@gmail.com> 2012-08-30 20:26:01 +0200
commit: 83fc5743d999a2bb8ca13def0e80c2e999e20571 (patch)
tree: 08f7cb85e23783f3bff9ba9c0ec510b8200a838a /Bugzilla/Auth
parent: 1ff417cbaa2905f64d4417290c4255080884ee02 (diff)
download: bugzilla-83fc5743d999a2bb8ca13def0e80c2e999e20571.tar.gz
bugzilla-83fc5743d999a2bb8ca13def0e80c2e999e20571.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm
index 0b5113e52..5704c5848 100644
--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/Verify/LDAP.pm
@@ -18,6 +18,7 @@ use Bugzilla::User;
 use Bugzilla::Util;
 
 use Net::LDAP;
+use Net::LDAP::Util qw(escape_filter_value);
 
 use constant admin_can_create_account => 0;
 use constant user_can_create_account  => 0;
@@ -121,6 +122,7 @@ sub check_credentials {
 
 sub _bz_search_params {
     my ($username) = @_;
+    $username = escape_filter_value($username);
     return (base   => Bugzilla->params->{"LDAPBaseDN"},
             scope  => "sub",
             filter => '(&(' . Bugzilla->params->{"LDAPuidattribute"}
author	Reed Loden <reed@reedloden.com>	2012-08-30 20:26:01 +0200
committer	Frédéric Buclin <LpSolit@gmail.com>	2012-08-30 20:26:01 +0200
commit	83fc5743d999a2bb8ca13def0e80c2e999e20571 (patch)
tree	08f7cb85e23783f3bff9ba9c0ec510b8200a838a /Bugzilla/Auth
parent	1ff417cbaa2905f64d4417290c4255080884ee02 (diff)
download	bugzilla-83fc5743d999a2bb8ca13def0e80c2e999e20571.tar.gz bugzilla-83fc5743d999a2bb8ca13def0e80c2e999e20571.tar.xz