Net::LDAP::DN.escape() throws when attempting to escape attr value beginning with `#`

[bgraves-lo]

Net::LDAP::DN.escape() is meant to adhere to https://datatracker.ietf.org/doc/html/rfc2253#section-2.4, which defines the convention for escaping attribute values.

Here's the related code:

ruby-net-ldap/lib/net/ldap/dn.rb

Lines 192 to 216 in d6bb5c8

	# http://tools.ietf.org/html/rfc2253 section 2.4 lists these exceptions
	# for dn values. All of the following must be escaped in any normal string
	# using a single backslash ('\') as escape.
	ESCAPES = {
	',' => ',',
	'+' => '+',
	'"' => '"',
	'\\' => '\\',
	'<' => '<',
	'>' => '>',
	';' => ';',
	}
	# Compiled character class regexp using the keys from the above hash, and
	# checking for a space or # at the start, or space at the end, of the
	# string.
	ESCAPE_RE = Regexp.new("(^ |^#| $|[" +
	ESCAPES.keys.map { |e| Regexp.escape(e) }.join +
	"])")
	##
	# Escape a string for use in a DN value
	def self.escape(string)
	string.gsub(ESCAPE_RE) { |char| "\\" + ESCAPES[char] }
	end

The code properly escapes the special characters included in the ESCAPES hash, handling this case from the RFC:

    o   one of the characters ",", "+", """, "\", "<", ">" or ";"

But the problem occurs with the special cases involving '#' and space:

    o   a space or "#" character occurring at the beginning of the
        string

    o   a space character occurring at the end of the string

Space and '#' aren't included in that hash, so if ESCAPE_RE matches '^#', for instance, the lookup of ESCAPES['#'] returns nil, which causes "\\" + ESCAPES[char] to throw a TypeError (no implicit conversion of nil into String).

A potential workaround:

  def self.escape(string)
    string.gsub(ESCAPE_RE) { |char| "\\" + (ESCAPES[char] || char) }
  end

[HarlemSquirrel]

Thank you for opening this issue! You have described this very well and I would be happy to review a pull request for this fix!

[bgraves-lo]

This fell off my radar till now 😅 , just submitted a PR.