In my previous LDAP mail I proclaimed that we should encode whitespace.
Reading RFC 2849 a bit further, encoding a string with leading space is
mandatory by SAFE-INIT-CHAR. This is needed because of the definition
of value-spec, which allows additional space, colon, and less-than
after the colon separating the AttributeDescription.

The code below adds these definitions. I also changed the outlen
calculation because it at least fails b64_ntop on inlen == 1.

OK?

martijn@

Index: ldapclient.c
===================================================================
RCS file: /cvs/src/usr.bin/ldap/ldapclient.c,v
retrieving revision 1.5
diff -u -p -r1.5 ldapclient.c
--- ldapclient.c 23 Oct 2018 08:28:34 -0000 1.5
+++ ldapclient.c 24 Oct 2018 08:21:27 -0000
@@ -404,8 +404,13 @@ ldapc_printattr(struct ldapc *ldap, cons
* in SAFE-STRINGs. String value that do not match the
* criteria must be encoded as Base64.
*/
- for (cp = (const unsigned char *)value;
- encode == 0 &&*cp != '\0'; cp++) {
+ cp = (const unsigned char *)value;
+ /* !SAFE-INIT-CHAR: SAFE-CHAR minus %x20 %x3A %x3C */
+ if (*cp == ' ' ||
+ *cp == ':' ||
+ *cp == '<')
+ encode = 1;
+ for (; encode == 0 &&*cp != '\0'; cp++) {
/* !SAFE-CHAR %x01-09 / %x0B-0C / %x0E-7F */
if (*cp > 127 ||
*cp == '\0' ||
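Review bot: the new comment above the first-character test, `!SAFE-INIT-CHAR: SAFE-CHAR minus %x20 %x3A %x3C`, mixes the negated condition being tested with the definition of the safe set. Spelling it out, for example "first char must be SAFE-INIT-CHAR: SAFE-CHAR except SPACE, ':' and '<'", would make it obvious that a match on ' ', ':' or '<' is what forces Base64. Separately, the `for` condition already stops at `*cp != '\0'`, so the `*cp == '\0'` test in the SAFE-CHAR check inside the loop can never be true and could be dropped while this code is being touched.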
@@ -421,7 +426,7 @@ ldapc_printattr(struct ldapc *ldap, cons
}
} else {
inlen = strlen(value);
- outlen = inlen * 2 + 1;
+ outlen = (((inlen + 2) / 3) * 4) + 1;
if ((out = calloc(1, outlen)) == NULL ||
b64_ntop(value, inlen, out, outlen) == -1) {
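Review bot: the new `outlen` expression carries no comment saying where it comes from. A one-line note that Base64 emits 4 characters per 3 input bytes, rounded up, plus the terminating NUL would help the next reader and would record why the old `inlen * 2 + 1` was too small (3 bytes for inlen == 1, where 5 are needed). The outermost parentheses are redundant. Since `calloc` and `b64_ntop` share one failure test, it is also worth confirming that the error branch, which is not visible in this hunk, frees `out` when only `b64_ntop` fails.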