Escape LDAP search chars (open-eid#1135)

IB-7536 Signed-off-by: Raul Metsma <[email protected]> Signed-off-by: Raul Metsma <[email protected]>
metsma · Jan 4, 2023 · 52de084 · 52de084
1 parent 2d0919c
commit 52de084
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 10 deletions.
diff --git a/client/LdapSearch.cpp b/client/LdapSearch.cpp
@@ -37,11 +37,12 @@ using ULONG = int;
 using LDAP_TIMEVAL = timeval;
 #endif
 
+#include <array>
 
 class LdapSearch::Private
 {
 public:
-	LDAP *ldap = nullptr;
+	LDAP *ldap {};
 	QByteArray host;
 	QTimer *timer;
 };
@@ -145,18 +146,18 @@ void LdapSearch::search(const QString &search, const QVariantMap &userData)
 		return;
 	}
 
-	char *attrs[] = { const_cast<char*>("userCertificate;binary"), nullptr };
+	std::array<char*, 2> attrs { const_cast<char*>("userCertificate;binary"), nullptr };
 
 	ULONG msg_id = 0;
 	int err = ldap_search_ext( d->ldap, const_cast<char*>("c=EE"), LDAP_SCOPE_SUBTREE,
-		const_cast<char*>(search.toLocal8Bit().constData()), attrs, 0, nullptr, nullptr, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &msg_id);
+		const_cast<char*>(search.toUtf8().constData()), attrs.data(), 0, nullptr, nullptr, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &msg_id);
 	if(err)
 		return setLastError( tr("Failed to init ldap search"), err );
 
 	QTimer *timer = new QTimer(this);
 	connect(timer, &QTimer::timeout, this, [this, msg_id, timer, userData] {
 		LDAPMessage *result = nullptr;
-		LDAP_TIMEVAL t = { 5, 0 };
+		LDAP_TIMEVAL t { 5, 0 };
 		int err = ldap_result(d->ldap, msg_id, LDAP_MSG_ALL, &t, &result);
 		switch(err)
 		{

diff --git a/client/dialogs/AddRecipients.cpp b/client/dialogs/AddRecipients.cpp
@@ -316,7 +316,7 @@ QString AddRecipients::path() const
 	QFileInfo f( s.fileName() );
 	return f.absolutePath() + "/" + f.baseName() + "/certhistory.xml";
 #else
-	return QStandardPaths::writableLocation(QStandardPaths::AppDataLocation) + "/certhistory.xml";
+	return QStandardPaths::writableLocation(QStandardPaths::AppDataLocation) + QStringLiteral("/certhistory.xml");
 #endif
 }
 
@@ -395,10 +395,14 @@ void AddRecipients::search(const QString &term, bool select, const QString &type
 	ui->confirm->setAutoDefault(false);
 
 	QVariantMap userData {
-		{"type", type},
-		{"select", select}
+		{QStringLiteral("type"), type},
+		{QStringLiteral("select"), select}
 	};
-	QString cleanTerm = term.simplified();
+	QString cleanTerm = term.simplified()
+		.replace(QStringLiteral("*"), QStringLiteral("\2A"))
+		.replace(QStringLiteral("("), QStringLiteral("\28"))
+		.replace(QStringLiteral(")"), QStringLiteral("\29"))
+		.replace(QStringLiteral("\\"), QStringLiteral("\5c"));
 	bool isDigit = false;
 	cleanTerm.toULongLong(&isDigit);
 	if(isDigit && (cleanTerm.size() == 11 || cleanTerm.size() == 8))
@@ -411,7 +415,7 @@ void AddRecipients::search(const QString &term, bool select, const QString &type
 				WarningDialog::show(this, tr("Personal code is not valid!"));
 				return;
 			}
-			userData["personSearch"] = true;
+			userData[QStringLiteral("personSearch")] = true;
 			ldap_person->search(QStringLiteral("(serialNumber=%1%2)" ).arg(ldap_person->isSSL() ? QStringLiteral("PNOEE-") : QString(), cleanTerm), userData);
 		}
 		else
@@ -438,7 +442,7 @@ void AddRecipients::showResult(const QList<QSslCertificate> &result, int resultC
 		if((c.keyUsage().contains(SslCertificate::KeyEncipherment) ||
 			c.keyUsage().contains(SslCertificate::KeyAgreement)) &&
 			!c.enhancedKeyUsage().contains(SslCertificate::ServerAuth) &&
-			(userData.value("personSearch", false).toBool() || !c.enhancedKeyUsage().contains(SslCertificate::ClientAuth)) &&
+			(userData.value(QStringLiteral("personSearch"), false).toBool() || !c.enhancedKeyUsage().contains(SslCertificate::ClientAuth)) &&
 			c.type() != SslCertificate::MobileIDType)
 		{
 			isEmpty = false;