From c79879f33a05494f2ae5785a663b874bf8e42655 Mon Sep 17 00:00:00 2001
From: Michael Kozono
Date: Wed, 20 Sep 2017 15:05:25 -0700
Subject: Fix escaped equal signs
---
 lib/gitlab/ldap/dn.rb | 10 ++++++----
 spec/lib/gitlab/ldap/dn_spec.rb | 4 ++--
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/lib/gitlab/ldap/dn.rb b/lib/gitlab/ldap/dn.rb
index c23fac2d57a..554156142cc 100644
--- a/lib/gitlab/ldap/dn.rb
+++ b/lib/gitlab/ldap/dn.rb
@@ -218,10 +218,12 @@ module Gitlab
 self.class.new(*to_a).to_s
 end

- # http://tools.ietf.org/html/rfc2253 section 2.4 lists these exceptions
- # for dn values. All of the following must be escaped in any normal string
- # using a single backslash ('\') as escape.
- NORMAL_ESCAPES = [',', '+', '"', '\\', '<', '>', ';']
+ # https://tools.ietf.org/html/rfc4514 section 2.4 lists these exceptions
+ # for DN values. All of the following must be escaped in any normal string
+ # using a single backslash ('\') as escape. The space character is left
+ # out here because in a "normalized" string, spaces should only be escaped
+ # if necessary (i.e. leading or trailing space).
+ NORMAL_ESCAPES = [',', '+', '"', '\\', '<', '>', ';', '=']

 # Compiled character class regexp using the keys from the above hash, and
 # checking for a space or # at the start, or space at the end, of the
diff --git a/spec/lib/gitlab/ldap/dn_spec.rb b/spec/lib/gitlab/ldap/dn_spec.rb
index 44e30a69d44..dafc0037a0d 100644
--- a/spec/lib/gitlab/ldap/dn_spec.rb
+++ b/spec/lib/gitlab/ldap/dn_spec.rb
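Review bot: The comment above `NORMAL_ESCAPES` in the lib/gitlab/ldap/dn.rb hunk says every listed character must be escaped per RFC 4514 section 2.4, but `=` is only in that section's set of characters that may be backslash-escaped, not in its must-escape list. The spec hunk in this commit shows `\3D` now normalizing to `\=`, so the purpose appears to be a single canonical spelling for comparison, and the comment should say so, e.g. `# '=' is not required by the RFC; it is escaped so that '\3D' and '\=' normalize to the same string.` The same section does require NUL to be escaped and it is absent from the list; the regexp built from this constant lies outside the hunk, so confirm it is handled there. If DNs normalized under the previous list were already persisted for identity matching, they would no longer compare equal and would need re-normalizing. The array literal could also end in `.freeze`.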
@@ -27,8 +27,8 @@ describe Gitlab::LDAP::DN do
 'does not strip an unescaped leading newline (actually an invalid DN)' | 'uid=\nJohn Smith,ou=People,dc=example,dc=com' | 'uid=\njohn smith,ou=people,dc=example,dc=com'
 'does not strip an unescaped trailing newline (actually an invalid DN)' | 'uid=John Smith\n ,ou=People,dc=example,dc=com' | 'uid=john smith\n,ou=people,dc=example,dc=com'
 'does not strip if no extraneous whitespace' | 'uid=John Smith,ou=People,dc=example,dc=com' | 'uid=john smith,ou=people,dc=example,dc=com'
- 'does not treat escaped equal signs as attribute delimiters' | 'uid= foo \\= bar' | 'uid=foo \\= bar'
- 'does not treat escaped hex equal signs as attribute delimiters' | 'uid= foo \\3D bar' | 'uid=foo \\3d bar'
+ 'does not modify an escaped equal sign in an attribute value' | 'uid= foo \\= bar' | 'uid=foo \\= bar'
+ 'converts an escaped hex equal sign to an escaped equal sign in an attribute value' | 'uid= foo \\3D bar' | 'uid=foo \\= bar'
 'does not treat escaped commas as attribute delimiters' | 'uid= John C. Smith, ou=San Francisco\\, CA' | 'uid=john c. smith,ou=san francisco\\, ca'
 'does not treat escaped hex commas as attribute delimiters' | 'uid= John C. Smith, ou=San Francisco\\2C CA' | 'uid=john c. smith,ou=san francisco\\2c ca'
 end
-- cgit v1.2.1