From 52de08433c3c624c37d7620a62a2f8293dc680b3 Mon Sep 17 00:00:00 2001
From: Raul Metsma
Date: Wed, 4 Jan 2023 16:17:08 +0200
Subject: [PATCH] Escape LDAP search chars (#1135)
IB-7536
Signed-off-by: Raul Metsma
Signed-off-by: Raul Metsma
---
 client/LdapSearch.cpp | 9 +++++----
 client/dialogs/AddRecipients.cpp | 16 ++++++++++------
 2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/client/LdapSearch.cpp b/client/LdapSearch.cpp
index 79b41ddce..9f2c182f4 100644
--- a/client/LdapSearch.cpp
+++ b/client/LdapSearch.cpp
@@ -37,11 +37,12 @@ using ULONG = int;
 using LDAP_TIMEVAL = timeval;
 #endif
+#include
 class LdapSearch::Private {
 public:
- LDAP *ldap = nullptr;
+ LDAP *ldap {};
 QByteArray host;
 QTimer *timer;
 };
@@ -145,18 +146,18 @@ void LdapSearch::search(const QString &search, const QVariantMap &userData)
 return;
 }
- char *attrs[] = { const_cast("userCertificate;binary"), nullptr };
+ std::array attrs { const_cast("userCertificate;binary"), nullptr };
 ULONG msg_id = 0;
 int err = ldap_search_ext( d->ldap, const_cast("c=EE"), LDAP_SCOPE_SUBTREE,
- const_cast(search.toLocal8Bit().constData()), attrs, 0, nullptr, nullptr, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &msg_id);
+ const_cast(search.toUtf8().constData()), attrs.data(), 0, nullptr, nullptr, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &msg_id);
 if(err) return setLastError( tr("Failed to init ldap search"), err );
 QTimer *timer = new QTimer(this);
 connect(timer, &QTimer::timeout, this, [this, msg_id, timer, userData] {
 LDAPMessage *result = nullptr;
- LDAP_TIMEVAL t = { 5, 0 };
+ LDAP_TIMEVAL t { 5, 0 };
 int err = ldap_result(d->ldap, msg_id, LDAP_MSG_ALL, &t, &result);
 switch(err) {
diff --git a/client/dialogs/AddRecipients.cpp b/client/dialogs/AddRecipients.cpp
index d99052764..5fea4e874 100644
--- a/client/dialogs/AddRecipients.cpp
+++ b/client/dialogs/AddRecipients.cpp
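Review bot: `LdapSearch::search` passes its `search` argument to `ldap_search_ext` as the filter with no escaping of its own, so the escaping this commit adds in `AddRecipients::search` covers only that one call path. Other callers are not visible here and may already pass safe filters, but the contract is worth stating at the function: `// 'search' must be a complete RFC 4515 filter; callers escape user-supplied values before formatting them in.` The body of `LdapSearch::search` starts and ends outside this hunk.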
@@ -316,7 +316,7 @@ QString AddRecipients::path() const
 QFileInfo f( s.fileName() );
 return f.absolutePath() + "/" + f.baseName() + "/certhistory.xml";
 #else
- return QStandardPaths::writableLocation(QStandardPaths::AppDataLocation) + "/certhistory.xml";
+ return QStandardPaths::writableLocation(QStandardPaths::AppDataLocation) + QStringLiteral("/certhistory.xml");
 #endif
 }
@@ -395,10 +395,14 @@ void AddRecipients::search(const QString &term, bool select, const QString &type
 ui->confirm->setAutoDefault(false);
 QVariantMap userData {
- {"type", type},
- {"select", select}
+ {QStringLiteral("type"), type},
+ {QStringLiteral("select"), select}
 };
- QString cleanTerm = term.simplified();
+ QString cleanTerm = term.simplified()
+ .replace(QStringLiteral("*"), QStringLiteral("\2A"))
+ .replace(QStringLiteral("("), QStringLiteral("\28"))
+ .replace(QStringLiteral(")"), QStringLiteral("\29"))
+ .replace(QStringLiteral("\\"), QStringLiteral("\5c"));
 bool isDigit = false;
 cleanTerm.toULongLong(&isDigit);
 if(isDigit && (cleanTerm.size() == 11 || cleanTerm.size() == 8))
@@ -411,7 +415,7 @@ void AddRecipients::search(const QString &term, bool select, const QString &type
 WarningDialog::show(this, tr("Personal code is not valid!"));
 return;
 }
- userData["personSearch"] = true;
+ userData[QStringLiteral("personSearch")] = true;
 ldap_person->search(QStringLiteral("(serialNumber=%1%2)" ).arg(ldap_person->isSSL() ? QStringLiteral("PNOEE-") : QString(), cleanTerm), userData);
 }
 else
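Review bot: The replacement literals in the new `cleanTerm` chain use a single backslash, and C++ reads `"\2A"`, `"\28"`, `"\29"` and `"\5c"` as octal escapes (a control character followed by a letter or digit), so no backslash reaches the filter and a term containing `*`, `(`, `)` or `\` is altered rather than escaped. The backslash replacement also runs last; once the literals are corrected it would re-escape the backslashes inserted by the three earlier replacements, so it has to run first. The fence shows the chain with doubled backslashes and the backslash handled first. RFC 4515 also lists NUL among the characters to escape, which this chain does not cover. `AddRecipients::search` starts and ends outside this hunk.

```cpp
QString cleanTerm = term.simplified()
	// Backslash first, so the escapes added below are not escaped again.
	.replace(QStringLiteral("\\"), QStringLiteral("\\5c"))
	.replace(QStringLiteral("*"), QStringLiteral("\\2a"))
	.replace(QStringLiteral("("), QStringLiteral("\\28"))
	.replace(QStringLiteral(")"), QStringLiteral("\\29"));
```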
@@ -438,7 +442,7 @@ void AddRecipients::showResult(const QList &result, int resultC
 if((c.keyUsage().contains(SslCertificate::KeyEncipherment) || c.keyUsage().contains(SslCertificate::KeyAgreement)) && !c.enhancedKeyUsage().contains(SslCertificate::ServerAuth) &&
- (userData.value("personSearch", false).toBool() || !c.enhancedKeyUsage().contains(SslCertificate::ClientAuth)) &&
+ (userData.value(QStringLiteral("personSearch"), false).toBool() || !c.enhancedKeyUsage().contains(SslCertificate::ClientAuth)) &&
 c.type() != SslCertificate::MobileIDType) {
 isEmpty = false;