Open onovy opened 4 years ago
I encountered the error during make install with this module.
/root/nginx-auth-ldap/ngx_http_auth_ldap_module.c: In function ‘ngx_http_auth_ldap_escape_filter’:
/root/nginx-auth-ldap/ngx_http_auth_ldap_module.c:766:19: error: pointer targets in assignment differ in signedness [-Werror=pointer-sign]
userbv.bv_val = in->data;
^
cc1: all warnings being treated as errors
make[1]: *** [objs/addon/nginx-auth-ldap/ngx_http_auth_ldap_module.o] Error 1
make[1]: Leaving directory `/root/nginx-1.20.1'
make: *** [build] Error 2
When a username contains any special character (parentheses, asterisk, ...), the user search will fail.
When the returned DN of a user contains any escaped character (for example ","), the group filter will fail.
Example:
Which is wrong and doesn't work with Active Directory.
Correct is:
This patch fixes both of these bugs by using ldap_bv2escaped_filter_value from the LDAP client to escape all filter values.
See: https://tools.ietf.org/search/rfc2254#page-5
Fixes #224, fixes #180
CVE-2020-14013
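
The filter-value escaping that the pull request above refers to (RFC 2254, page 5), shown as an added example that is not code from the patch or the module. It implements the escaping by hand instead of calling ldap_bv2escaped_filter_value so that it builds without libldap; the names filter_escape and build_filter, the attribute names and the sample user name and DN are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape one assertion value for an LDAP search filter (RFC 2254 / RFC 4515):
 * '*', '(', ')', '\' and NUL become a backslash plus two hex digits.
 * Returns the escaped length, or -1 if out cannot hold it plus a terminator. */
static int filter_escape(const unsigned char *in, size_t in_len,
                         char *out, size_t out_size)
{
    static const char hex[] = "0123456789abcdef";
    size_t i, o = 0;
    if (out_size == 0) return -1;
    for (i = 0; i < in_len; i++) {   /* length-counted: embedded NUL is fine */
        unsigned char c = in[i];
        int special = (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0);
        if (o + (special ? 3 : 1) >= out_size) return -1;  /* room for NUL */
        if (special) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char) c;
        }
    }
    out[o] = '\0';
    return (int) o;
}

/* Build "(attr=value)" with the value escaped; 0 on success, -1 if too long. */
static int build_filter(const char *attr, const char *value,
                        char *out, size_t out_size)
{
    char esc[256]; int n;
    if (filter_escape((const unsigned char *) value, strlen(value),
                      esc, sizeof(esc)) < 0) return -1;
    n = snprintf(out, out_size, "(%s=%s)", attr, esc);
    return (n < 0 || (size_t) n >= out_size) ? -1 : 0;
}

int main(void)
{
    char f[300];
    /* Constructed samples: metacharacters in a user name, and a DN whose comma is backslash-escaped. */
    if (build_filter("uid", "John (ext)*", f, sizeof(f)) == 0) puts(f);
    if (build_filter("member", "CN=Doe\\, John,OU=Users,DC=example,DC=com",
                     f, sizeof(f)) == 0) puts(f);
    return 0;
}
```

The input parameter is `const unsigned char *` and the only conversion to `char` is an explicit per-byte cast, which avoids the kind of signedness mismatch that `-Werror=pointer-sign` rejects in the build log above.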