From a2aad0bbd6fa5ff3148d9ab9a5ee3838d0b0985d Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Fri, 19 Feb 2016 13:16:52 -0500
Subject: [PATCH] Properly escape filter values. Fixes #1030
---
 builtin/credential/ldap/backend.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go
index b693b25d83..603d5cde84 100644
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@@ -106,7 +106,7 @@ func (b *backend) Login(req *logical.Request, username string, password string)
 sresult, err := c.Search(&ldap.SearchRequest{
 BaseDN: cfg.UserDN,
 Scope: 2, // subtree
- Filter: fmt.Sprintf("(%s=%s)", cfg.UserAttr, EscapeLDAPValue(username)),
+ Filter: fmt.Sprintf("(%s=%s)", cfg.UserAttr, ldap.EscapeFilter(username)),
 })
 if err != nil {
 return nil, logical.ErrorResponse(fmt.Sprintf("LDAP search for binddn failed: %v", err)), nil
@@ -132,7 +132,7 @@ func (b *backend) Login(req *logical.Request, username string, password string)
 sresult, err := c.Search(&ldap.SearchRequest{
 BaseDN: cfg.UserDN,
 Scope: 2, // subtree
- Filter: fmt.Sprintf("(userPrincipalName=%s)", binddn),
+ Filter: fmt.Sprintf("(userPrincipalName=%s)", ldap.EscapeFilter(binddn)),
 })
 if err != nil {
 return nil, logical.ErrorResponse(fmt.Sprintf("LDAP search failed: %v", err)), nil
@@ -149,7 +149,7 @@ func (b *backend) Login(req *logical.Request, username string, password string)
 sresult, err := c.Search(&ldap.SearchRequest{
 BaseDN: cfg.GroupDN,
 Scope: 2, // subtree
- Filter: fmt.Sprintf("(|(memberUid=%s)(member=%s)(uniqueMember=%s))", username, userdn, userdn),
+ Filter: fmt.Sprintf("(|(memberUid=%s)(member=%s)(uniqueMember=%s))", ldap.EscapeFilter(username), ldap.EscapeFilter(userdn), ldap.EscapeFilter(userdn)),
 })
 if err != nil {
 return nil, logical.ErrorResponse(fmt.Sprintf("LDAP search failed: %v", err)), nil
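Review bot: `cfg.UserAttr` is still formatted unescaped into the attribute side of `(%s=%s)` on the first hunk's new `Filter:` line, so that half of the filter relies entirely on the stored configuration being well-formed. The value presumably comes from the backend configuration rather than the login request, which makes it a lower-risk input. `ldap.EscapeFilter` is meant for assertion values and would not be the right tool for it; checking it against the attribute-description character set (letters, digits, hyphen) when the config is written would close the gap. Until then, a comment such as `// UserAttr is operator-set config; only the value side is request-controlled and escaped` would record the trust assumption. Login's body begins and ends outside the hunk, so how the search result is consumed is not visible here.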
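Review bot: The diffstat lists only backend.go, so no test pins the escaping in the third hunk's group search, the filter whose result appears to decide which groups the login is mapped to. A table-driven test that feeds values containing `*`, `(`, `)`, `\` and a NUL byte through the filter construction and asserts the hex-escaped output would stop a later refactor from reintroducing raw interpolation. The same test would cover the filters in the first and second hunks. As a readability point, `ldap.EscapeFilter(userdn)` is evaluated twice on one long line; hoisting `escUserDN := ldap.EscapeFilter(userdn)` above the `c.Search` call would shorten it.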