php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72021 LDAP Escape DN Not RFC 4514 Compliant
Submitted: 2016-04-13 23:56 UTC Modified: 2017-01-10 07:44 UTC
From: chad dot sikorra at gmail dot com Assigned: heiglandreas (profile)
Status: Closed Package: LDAP related
PHP Version: 5.6.20 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: chad dot sikorra at gmail dot com
New email:
PHP Version: OS:

 

 [2016-04-13 23:56 UTC] chad dot sikorra at gmail dot com
Description:
------------
Per RFC 4514, leading/trailing spaces should be escaped for a DN. Additionally, carriage returns should also be escaped. Currently the ldap_escape method does not doe this. I verified (in Active Directory anyway) that this really is the case, as LDAP refuses to add a LDAP object with a DN passed through the ldap_escape method with a DN flag set when it contains any of the mentioned cases.

https://www.ietf.org/rfc/rfc4514.txt

Test script:
---------------
var_dump(ldap_escape(" Joe,= \rSmith ", null, LDAP_ESCAPE_DN));

Expected result:
----------------
It should output:

'\20Joe\2c\3d \0dSmith\20'

Actual result:
--------------
Currently outputs:

" Joe\2c\3d \rSmith "

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-10 07:44 UTC] heiglandreas@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: heiglandreas
 [2017-01-10 07:44 UTC] heiglandreas@php.net
According to https://github.com/php/php-src/blob/master/ext/ldap/tests/bug72021.phpt this seems to be fixed. 

Current PHP 7.1

PASS Bug #72021 (ldap_escape() with DN flag is not RFC compliant) [ext/ldap/tests/bug72021.phpt]
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Oct 05 00:01:29 2024 UTC