PHP :: Bug #72021 :: LDAP Escape DN Not RFC 4514 Compliant

Bug #72021	LDAP Escape DN Not RFC 4514 Compliant
Submitted:	2016-04-13 23:56 UTC	Modified:	2017-01-10 07:44 UTC
From:	chad dot sikorra at gmail dot com	Assigned:	heiglandreas (profile)
Status:	Closed	Package:	LDAP related
PHP Version:	5.6.20	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	chad dot sikorra at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2016-04-13 23:56 UTC] chad dot sikorra at gmail dot com

Description:
------------
Per RFC 4514, leading/trailing spaces should be escaped for a DN. Additionally, carriage returns should also be escaped. Currently the ldap_escape method does not doe this. I verified (in Active Directory anyway) that this really is the case, as LDAP refuses to add a LDAP object with a DN passed through the ldap_escape method with a DN flag set when it contains any of the mentioned cases.

https://www.ietf.org/rfc/rfc4514.txt

Test script:
---------------
var_dump(ldap_escape(" Joe,= \rSmith ", null, LDAP_ESCAPE_DN));

Expected result:
----------------
It should output:

'\20Joe\2c\3d \0dSmith\20'

Actual result:
--------------
Currently outputs:

" Joe\2c\3d \rSmith "

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-01-10 07:44 UTC] heiglandreas@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: heiglandreas

[2017-01-10 07:44 UTC] heiglandreas@php.net

According to https://github.com/php/php-src/blob/master/ext/ldap/tests/bug72021.phpt this seems to be fixed. 

Current PHP 7.1

PASS Bug #72021 (ldap_escape() with DN flag is not RFC compliant) [ext/ldap/tests/bug72021.phpt]

[2017-01-10 07:44 UTC] heiglandreas@php.net

Related To: Bug #72021

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 01:01:28 2024 UTC