diff --git a/changelog/13452.txt b/changelog/13452.txt new file mode 100644 index 000000000..617723046 --- /dev/null +++ b/changelog/13452.txt @@ -0,0 +1,3 @@ +```release-note:bug +sdk/helper/ldaputil: properly escape a trailing escape character to prevent panics. +``` \ No newline at end of file diff --git a/sdk/helper/ldaputil/client.go b/sdk/helper/ldaputil/client.go index 2c3a17fb9..329e69ecc 100644 --- a/sdk/helper/ldaputil/client.go +++ b/sdk/helper/ldaputil/client.go @@ -512,7 +512,7 @@ func EscapeLDAPValue(input string) string { // - null for i := 0; i < len(input); i++ { escaped := false - if input[i] == '\\' { + if input[i] == '\\' && i+1 < len(input)-1 { i++ escaped = true } diff --git a/sdk/helper/ldaputil/client_test.go b/sdk/helper/ldaputil/client_test.go index f81294ffc..c9ae9cd4b 100644 --- a/sdk/helper/ldaputil/client_test.go +++ b/sdk/helper/ldaputil/client_test.go @@ -32,6 +32,9 @@ func TestLDAPEscape(t *testing.T) { "test\\hello": "test\\\\hello", " test ": "\\ test \\ ", "": "", + "\\test": "\\\\test", + "test\\": "test\\\\", + "test\\ ": "test\\\\\\ ", } for test, answer := range testcases {