Univention Bugzilla – Bug 57264
Missing LDAP filter escaping in univention-mail-cyrus
Last modified: 2024-05-08 11:10:35 CEST
In base/pam-univentionmailcyrus/pam_univentionmailcyrus.c, line 161:

    rv = snprintf(filter, BUFSIZ, "(&(%s=%s)(%s=*))", fromattr, fromuser, toattr);

The filter values are not escaped. As shown in https://forge.univention.org/bugzilla/show_bug.cgi?id=56360:

> When I authenticate with a corrupted subset of an invalid LDAP filter I see in /var/log/auth.log it's used for the query:
>
> > PAM('dovecot').authenticate('*)(cn=security)', 'univention')
> >
> > PAM-univentionmailcyrus[19138]: Failed to query LDAP server: (&(mailPrimaryAddress=*)(cn=security))(uid=*))
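For illustration (this is added example code, not code from the Univention tree), the filter from line 161 built the same way, but with the user-supplied value escaped per RFC 4515 before it is formatted in. Function names and the use of BUFSIZ for the scratch buffer are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Escape one LDAP filter assertion value as in RFC 4515 section 3:
 * '*', '(', ')' and '\' are replaced by \HH hex escapes so they cannot
 * change the filter structure. Returns the number of bytes written
 * (excluding the NUL), or -1 if the output buffer is too small. */
static int ldap_escape_filter_value(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        if (*p == '*' || *p == '(' || *p == ')' || *p == '\\') {
            if (o + 3 >= outlen) return -1;
            out[o++] = '\\';
            out[o++] = hex[*p >> 4];
            out[o++] = hex[*p & 0x0f];
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = (char)*p;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Same filter shape as the PAM module, with fromuser escaped first.
 * Returns the filter length, or -1 on escaping failure or truncation. */
static int build_mail_filter(char *filter, size_t filterlen,
                             const char *fromattr, const char *fromuser,
                             const char *toattr)
{
    char escaped[BUFSIZ];
    if (ldap_escape_filter_value(fromuser, escaped, sizeof escaped) < 0)
        return -1;
    int rv = snprintf(filter, filterlen, "(&(%s=%s)(%s=*))",
                      fromattr, escaped, toattr);
    if (rv < 0 || (size_t)rv >= filterlen) return -1;
    return rv;
}

int main(void)
{
    char filter[BUFSIZ];
    /* Constructed input: the probe value quoted in the report above. */
    if (build_mail_filter(filter, sizeof filter, "mailPrimaryAddress",
                          "*)(cn=security)", "uid") < 0)
        return 1;
    puts(filter); /* (&(mailPrimaryAddress=\2a\29\28cn=security\29)(uid=*)) */
    return 0;
}
```

With escaping in place the injected parentheses stay inside the mailPrimaryAddress assertion, so the query matches only a mailbox literally named that way instead of being rewritten into a cn lookup.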