From b5897262b10e1b97dccfbd6d539037c31f11c7c5 Mon Sep 17 00:00:00 2001
From: Nandavardhan8 <180159032+Nandavardhan8@users.noreply.github.com>
Date: Mon, 16 Sep 2024 15:06:31 +0530
Subject: [PATCH] fix for CVE-2023-33201

---
 .../jce/provider/X509LDAPCertStoreSpi.java    | 56 ++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)

diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
index f5269947c3..a5e5d41d16 100644
--- a/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
+++ b/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
@@ -395,6 +395,59 @@ public Collection engineGetCRLs(CRLSelector selector)
 
         return crlSet;
     }
+    private static String[] FILTER_ESCAPE_TABLE = new String['\\' + 1];
+
+
+    static {
+
+        // Filter encoding table -------------------------------------
+
+        // fill with char itself
+        for (char c = 0; c < FILTER_ESCAPE_TABLE.length; c++) {
+            FILTER_ESCAPE_TABLE[c] = String.valueOf(c);
+        }
+
+        // escapes (RFC2254)
+        FILTER_ESCAPE_TABLE['*'] = "\\2a";
+        FILTER_ESCAPE_TABLE['('] = "\\28";
+        FILTER_ESCAPE_TABLE[')'] = "\\29";
+        FILTER_ESCAPE_TABLE['\\'] = "\\5c";
+        FILTER_ESCAPE_TABLE[0] = "\\00";
+
+    }
+
+    /**
+     * Escape a value for use in a filter.
+     * @param value the value to escape.
+     * @return a properly escaped representation of the supplied value.
+     */
+    private String filterEncode(String value)
+    {
+        if (value == null)
+        {
+            return null;
+        }
+
+        // make buffer roomy
+        StringBuilder encodedValue = new StringBuilder(value.length() * 2);
+
+        int length = value.length();
+
+        for (int i = 0; i < length; i++) {
+
+            char c = value.charAt(i);
+
+            if (c < FILTER_ESCAPE_TABLE.length) {
+                encodedValue.append(FILTER_ESCAPE_TABLE[c]);
+            }
+            else {
+                // default: add the char
+                encodedValue.append(c);
+            }
+        }
+
+        return encodedValue.toString();
+    }
 
     /**
      * Returns a Set of byte arrays with the certificate or CRL encodings.
@@ -408,7 +461,8 @@ public Collection engineGetCRLs(CRLSelector selector)
     private Set search(String attributeName, String attributeValue,
                        String[] attrs) throws CertStoreException
     {
-        String filter = attributeName + "=" + attributeValue;
+        String filter = attributeName + "=" + filterEncode(attributeValue);
+        System.out.println(filter);
         if (attributeName == null)
         {
             filter = null;