Merge pull request #2635 from stavamichal/fixVulnerablityInLDAPBasedE…

…xtSources Fix vulnerability in communication with LDAP connector
CESNET · Mar 24, 2020 · ac527bc · ac527bc
2 parents 4e4b5c9 + 48cb4ec
commit ac527bc
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/perun-core/src/main/java/cz/metacentrum/perun/core/impl/ExtSourceLdap.java b/perun-core/src/main/java/cz/metacentrum/perun/core/impl/ExtSourceLdap.java
@@ -70,7 +70,7 @@ public List<Map<String,String>> findSubjectsLogins(String searchString, int maxR
 		if (query == null) {
 			throw new InternalErrorException("query attributes is required");
 		}
-		query = query.replaceAll("\\?", searchString);
+		query = query.replace("?", Utils.escapeStringForLDAP(searchString));
 
 		String base = getAttributes().get("base");
 		if (base == null) {
@@ -87,7 +87,7 @@ public Map<String, String> getSubjectByLogin(String login) throws InternalErrorE
 		if (query == null) {
 			throw new InternalErrorException("loginQuery attributes is required");
 		}
-		query = query.replaceAll("\\?", login);
+		query = query.replace("?", Utils.escapeStringForLDAP(login));
 
 		String base = getAttributes().get("base");
 		if (base == null) {

diff --git a/perun-core/src/main/java/cz/metacentrum/perun/core/impl/Utils.java b/perun-core/src/main/java/cz/metacentrum/perun/core/impl/Utils.java
@@ -1585,4 +1585,16 @@ public static Pair<Integer, TemporalUnit> prepareGracePeriodDate(Matcher matcher
 
 		return new Pair<>(amount, field);
 	}
+
+	/**
+	 * We need to escape some special characters for LDAP filtering.
+	 * We need to escape these characters: '\\', '*', '(', ')', '\000'
+	 *
+	 * @param searchString search string which need to be escaped properly
+	 * @return properly escaped search string
+	 */
+	public static String escapeStringForLDAP(String searchString) {
+		if(searchString == null) return "";
+		return searchString.replace("\\", "\\5C").replace("*", "\\2A").replace("(", "\\28").replace(")", "\\29").replace("\000", "\\00");
+	}
 }