openldap: Fix support for IPv6 addresses #13228
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ref.: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053643 When the user specified an IPv6 address to be used as an LDAP server, curl will fail to properly enclose it in square brackets, which causes the connection to fail because the host address cannot be distinguished from the port: $ curl -v ldap://[fd42:be5:e632:a6b3:216:3eff:feb1:5bc4]:389 ... * LDAP local: Cannot connect to ldap://fd42:be5:e632:a6b3:216:3eff:feb1:5bc4:389, Bad parameter to an ldap routine ... Fix this by always enclosing the IPv6 address in square brackets. Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
|
How about this slightly simpler approach? diff --git a/lib/openldap.c b/lib/openldap.c
index 47266f64e4..93d25b61cf 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -546,13 +546,16 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done)
result = oldap_parse_login_options(conn);
if(result)
return result;
}
- hosturl = aprintf("ldap%s://%s:%d",
- conn->handler->flags & PROTOPT_SSL? "s": "",
- conn->host.name, conn->remote_port);
+ hosturl = aprintf("%s://%s%s%s:%d",
+ conn->handler->scheme,
+ conn->bits.ipv6_ip? "[": "",
+ conn->host.name,
+ conn->bits.ipv6_ip? "]": "",
+ conn->remote_port);
if(!hosturl)
return CURLE_OUT_OF_MEMORY;
rc = ldap_init_fd(conn->sock[FIRSTSOCKET], li->proto, hosturl, &li->ld);
if(rc) { |
|
Ah, I completely missed the existence of |
bagder
added a commit
that referenced
this pull request
Mar 30, 2024
Reported-by: Sergio Durigan Junior Fixes #13228
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ref.: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053643
When the user specified an IPv6 address to be used as an LDAP server,
curl will fail to properly enclose it in square brackets, which causes
the connection to fail because the host address cannot be
distinguished from the port:
Fix this by always enclosing the IPv6 address in square brackets.
While this could be done without caring for the IP protocol version
being used (as per RFC 3986, which indicates that IPv4 also works
enclosed in square brackets), I decided to make the code IPv6-specific
to minimize the possibility of regressions.
I'm not familiar with curl's internals, so any suggestions/corrections
are welcome.