From ecbd037205723884036b4a467c19d7904b8b6cee Mon Sep 17 00:00:00 2001
From: lukas-eu <62448426+lukas-eu@users.noreply.github.com>
Date: Fri, 10 Oct 2025 19:47:46 +0200
Subject: [PATCH] Merge commit from fork

CVE: CVE-2025-61911
Upstream-Status: Backport [https://github.com/python-ldap/python-ldap/commit/3957526fb1852e84b90f423d9fef34c7af25b85a]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 Lib/ldap/filter.py     | 2 ++
 Tests/t_ldap_filter.py | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/Lib/ldap/filter.py b/Lib/ldap/filter.py
index 782737a..5bd41b2 100644
--- a/Lib/ldap/filter.py
+++ b/Lib/ldap/filter.py
@@ -24,6 +24,8 @@ def escape_filter_chars(assertion_value,escape_mode=0):
       If 1 all NON-ASCII chars are escaped.
       If 2 all chars are escaped.
   """
+  if not isinstance(assertion_value, str):
+    raise TypeError("assertion_value must be of type str.")
   if escape_mode:
     r = []
     if escape_mode==1:
diff --git a/Tests/t_ldap_filter.py b/Tests/t_ldap_filter.py
index 313b373..5431205 100644
--- a/Tests/t_ldap_filter.py
+++ b/Tests/t_ldap_filter.py
@@ -49,6 +49,10 @@ class TestDN(unittest.TestCase):
             ),
             r'\c3\a4\c3\b6\c3\bc\c3\84\c3\96\c3\9c\c3\9f'
         )
+        with self.assertRaises(TypeError):
+            escape_filter_chars(["abc@*()/xyz"], escape_mode=1)
+        with self.assertRaises(TypeError):
+            escape_filter_chars({"abc@*()/xyz": 1}, escape_mode=1)
 
     def test_escape_filter_chars_mode2(self):
         """