aboutsummaryrefslogtreecommitdiff
path: root/src/backend/libpq/auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/libpq/auth.c')
-rw-r--r--src/backend/libpq/auth.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index d77551d7187..b1470715b54 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.146 2006/11/06 01:27:52 neilc Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.146.2.1 2008/07/24 17:52:09 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -730,8 +730,14 @@ CheckLDAPAuth(Port *port)
}
/*
- * Crack the LDAP url. We do a very trivial parse..
+ * Crack the LDAP url. We do a very trivial parse:
+ *
* ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]]
+ *
+ * This code originally used "%127s" for the suffix, but that doesn't
+ * work for embedded whitespace. We know that tokens formed by
+ * hba.c won't include newlines, so we can use a "not newline" scanset
+ * instead.
*/
server[0] = '\0';
@@ -741,13 +747,13 @@ CheckLDAPAuth(Port *port)
/* ldap, including port number */
r = sscanf(port->auth_arg,
- "ldap://%127[^:]:%i/%127[^;];%127[^;];%127s",
+ "ldap://%127[^:]:%i/%127[^;];%127[^;];%127[^\n]",
server, &ldapport, basedn, prefix, suffix);
if (r < 3)
{
/* ldaps, including port number */
r = sscanf(port->auth_arg,
- "ldaps://%127[^:]:%i/%127[^;];%127[^;];%127s",
+ "ldaps://%127[^:]:%i/%127[^;];%127[^;];%127[^\n]",
server, &ldapport, basedn, prefix, suffix);
if (r >= 3)
ssl = true;
@@ -756,14 +762,14 @@ CheckLDAPAuth(Port *port)
{
/* ldap, no port number */
r = sscanf(port->auth_arg,
- "ldap://%127[^/]/%127[^;];%127[^;];%127s",
+ "ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]",
server, basedn, prefix, suffix);
}
if (r < 2)
{
/* ldaps, no port number */
r = sscanf(port->auth_arg,
- "ldaps://%127[^/]/%127[^;];%127[^;];%127s",
+ "ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]",
server, basedn, prefix, suffix);
if (r >= 2)
ssl = true;