diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index d77551d7187..b1470715b54 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.146 2006/11/06 01:27:52 neilc Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.146.2.1 2008/07/24 17:52:09 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -730,8 +730,14 @@ CheckLDAPAuth(Port *port) } /* - * Crack the LDAP url. We do a very trivial parse.. + * Crack the LDAP url. We do a very trivial parse: + * * ldap[s]://[:]/[;prefix[;suffix]] + * + * This code originally used "%127s" for the suffix, but that doesn't + * work for embedded whitespace. We know that tokens formed by + * hba.c won't include newlines, so we can use a "not newline" scanset + * instead. */ server[0] = '\0'; @@ -741,13 +747,13 @@ CheckLDAPAuth(Port *port) /* ldap, including port number */ r = sscanf(port->auth_arg, - "ldap://%127[^:]:%i/%127[^;];%127[^;];%127s", + "ldap://%127[^:]:%i/%127[^;];%127[^;];%127[^\n]", server, &ldapport, basedn, prefix, suffix); if (r < 3) { /* ldaps, including port number */ r = sscanf(port->auth_arg, - "ldaps://%127[^:]:%i/%127[^;];%127[^;];%127s", + "ldaps://%127[^:]:%i/%127[^;];%127[^;];%127[^\n]", server, &ldapport, basedn, prefix, suffix); if (r >= 3) ssl = true; @@ -756,14 +762,14 @@ CheckLDAPAuth(Port *port) { /* ldap, no port number */ r = sscanf(port->auth_arg, - "ldap://%127[^/]/%127[^;];%127[^;];%127s", + "ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]", server, basedn, prefix, suffix); } if (r < 2) { /* ldaps, no port number */ r = sscanf(port->auth_arg, - "ldaps://%127[^/]/%127[^;];%127[^;];%127s", + "ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]", server, basedn, prefix, suffix); if (r >= 2) ssl = true;