From 22128dac8bab3e38061073d672e9b7c2e1bbf439 Mon Sep 17 00:00:00 2001
From: "peter@adpm.de" <peter@adpm.de>
Date: Sat, 5 Mar 2011 18:41:07 +0000
Subject: [PATCH] base(): make more secure, allow '' as DN

Only accept DNs as arguments to base that are legal DNs.
Convert DN given into canonical form.

FossilOrigin-Name: a0488120c18e20d452ec6ebe8b44e009fca7839c39b0af5524254ea6bd4294e3
---
 shelldap | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/shelldap b/shelldap
index 3c88f99..b746991 100755
--- a/shelldap
+++ b/shelldap
@@ -368,6 +368,7 @@ use Term::ReadKey;
 use Term::Shell;
 use Digest::MD5;
 use Net::LDAP qw(LDAP_SUCCESS LDAP_SERVER_DOWN);
+use Net::LDAP::Util qw(canonical_dn);
 use Net::LDAP::LDIF;
 use Data::Dumper;
 use File::Temp;
@@ -623,8 +624,9 @@ sub base
 		$conf->{'basedn'} = $namingContexts[0];
 		$self->{'base'}   = $namingContexts[0];
 	}
-	if ( $_[0] ) {
-		$self->{'base'} = $_[0];
+	if ( @_ ) {
+		my $base = canonical_dn($_[0], casefold => 'none');
+		$self->{'base'} = $base  if ($base);
 	}
 	return $self->{'base'};
 }