[VAULT-4018] EscapeLDAPValue - catch trailing escape character #13452

Merged
VinnyHC merged 2 commits into main from vinnyhc/Vault-4018-EscapeLDAPValue-validation on Dec 15, 2021

@VinnyHC VinnyHC commented Dec 15, 2021

Contributor

Properly escape a trailing escape character.

PR addresses findings from [Trail of Bits 018]:

The EscapeLDAPValue function does not validate input strings properly because it is possible to pass an input string that leads to panic. The bug occurs when the escaping character (“\”) in the passed string does not precede any character (is located at the end of the string).
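
The failure mode described in the finding above, as an added Go example that is not Vault's code and not part of this PR: a simplified escaper that peeks at the byte after `\` without a bounds check, beside a checked version that escapes a lone trailing backslash. The names `escapeNaive`, `escapeChecked`, `panics` and the sample inputs are constructed for illustration, and leading/trailing space and `#` handling are left out.

```go
package main

import "fmt"
import "strings"

// isSpecial reports whether c needs a backslash in an LDAP DN attribute value.
func isSpecial(c byte) bool { return strings.IndexByte(`"+,;<>\`, c) >= 0 }

// escapeNaive is the constructed "before": it reads in[i+1] unconditionally.
func escapeNaive(in string) string {
	var b strings.Builder
	for i := 0; i < len(in); i++ {
		if in[i] == '\\' && isSpecial(in[i+1]) { // out of range on a trailing '\'
			b.WriteByte(in[i]) // already-escaped pair: keep the '\', byte follows
			i++
		} else if isSpecial(in[i]) {
			b.WriteByte('\\')
		}
		b.WriteByte(in[i])
	}
	return b.String()
}

// escapeChecked peeks only when a next byte exists; a lone '\' gets escaped.
func escapeChecked(in string) string {
	var b strings.Builder
	for i := 0; i < len(in); i++ {
		if in[i] == '\\' && i+1 < len(in) && isSpecial(in[i+1]) {
			b.WriteByte(in[i])
			i++
		} else if isSpecial(in[i]) {
			b.WriteByte('\\')
		}
		b.WriteByte(in[i])
	}
	return b.String()
}

// panics reports whether f(s) panics, for regression tests on hostile input.
func panics(f func(string) string, s string) (p bool) {
	defer func() { p = recover() != nil }()
	f(s)
	return false
}

func main() {
	for _, s := range []string{`Doe, John`, `a\,b`, `admin\`} { // constructed inputs
		fmt.Printf("%q naivePanics=%v checked=%q\n", s, panics(escapeNaive, s), escapeChecked(s))
	}
}
```

A table-driven test that includes inputs ending in the escape character, run against the real function, is the regression check this class of bug calls for.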

@VinnyHC VinnyHC requested a review from raskchanky December 15, 2021 20:34
Comment thread sdk/helper/ldaputil/client_test.go
@raskchanky

Collaborator

It's worth adding a changelog for this one.

@vercel vercel Bot temporarily deployed to Preview – vault-storybook December 15, 2021 20:53 Inactive
@vercel vercel Bot temporarily deployed to Preview – vault December 15, 2021 20:53 Inactive
@VinnyHC VinnyHC merged commit eadbe96 into main Dec 15, 2021
@VinnyHC VinnyHC deleted the vinnyhc/Vault-4018-EscapeLDAPValue-validation branch December 15, 2021 21:17
heppu pushed a commit to heppu/vault that referenced this pull request Jan 13, 2022
* [VAULT-4018] - EscapeLDAPValue catch trailing escape character
@peaceofthepai peaceofthepai added this to the 1.10 milestone Feb 25, 2022
MochaCaffe pushed a commit to kosmos-education/vault that referenced this pull request Apr 15, 2026
…hashicorp#13324) (hashicorp#13452)

* wip namespace wizard test

* Namespaces wizard first step

* Add more namespace step 2 tests

* Modified namespace wizard tests!

* Remove namespace wizard tests

Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>