diff options
| author | Karel Klic <kklic@redhat.com> | 2010-01-18 13:19:54 +0100 |
|---|---|---|
| committer | Karel Klic <kklic@redhat.com> | 2010-01-18 13:19:54 +0100 |
| commit | 4267cbcc29781ddcac00e259dfe05f3a26fbc2ec (patch) | |
| tree | 213e47138967f1e7af4ee9ff9a3f2ed861cb5815 /lib/Plugins/SQLite3.cpp | |
| parent | b2d1bd9e4f387c5a014d3002d741f25421c37aac (diff) | |
| parent | b41833ed61f7b579d2a46b26d261616c21a6ae32 (diff) | |
| download | abrt-4267cbcc29781ddcac00e259dfe05f3a26fbc2ec.tar.gz abrt-4267cbcc29781ddcac00e259dfe05f3a26fbc2ec.tar.xz abrt-4267cbcc29781ddcac00e259dfe05f3a26fbc2ec.zip | |
Merge branch 'master' of git://git.fedorahosted.org/git/abrt
Diffstat (limited to 'lib/Plugins/SQLite3.cpp')
| -rw-r--r-- | lib/Plugins/SQLite3.cpp | 66 |
1 files changed, 62 insertions, 4 deletions
diff --git a/lib/Plugins/SQLite3.cpp b/lib/Plugins/SQLite3.cpp index 1979f24..ffcf05f 100644 --- a/lib/Plugins/SQLite3.cpp +++ b/lib/Plugins/SQLite3.cpp @@ -90,6 +90,26 @@ static const char *const upate_sql_commands[][ABRT_TABLE_VERSION + 1] = { }, }; + +/* Is this string safe wrt SQL injection? + * PHP's mysql_real_escape_string() treats \, ', ", \x00, \n, \r, and \x1a as special. + * We are a bit more paranoid and disallow any control chars. + */ +static bool is_string_safe(const char *str) +{ + const char *p = str; + while (*p) + { + if ((unsigned char)(*p) < ' ' || strchr("\\\"\'", *p)) + { + error_msg("Probable SQL injection: '%s'", str); + return false; + } + p++; + } + return true; +} + static void get_table(vector_database_rows_t& pTable, sqlite3 *db, const char *fmt, ...) { @@ -308,6 +328,14 @@ void CSQLite3::Insert_or_Update(const char *pUUID, const char *pDebugDumpPath, const char *pTime) { + if (!is_string_safe(pUUID) + || !is_string_safe(pUID) + || !is_string_safe(pDebugDumpPath) + || !is_string_safe(pTime) + ) { + return; + } + if (!exists_uuid_uid(m_pDB, pUUID, pUID)) { execute_sql(m_pDB, @@ -336,20 +364,26 @@ void CSQLite3::Insert_or_Update(const char *pUUID, void CSQLite3::DeleteRow(const char *pUUID, const char *pUID) { + if (!is_string_safe(pUUID) + || !is_string_safe(pUID) + ) { + return; + } + if (pUID[0] == '0' && !pUID[1]) { execute_sql(m_pDB, "DELETE FROM "ABRT_TABLE" " "WHERE "COL_UUID" = '%s';", - pUUID, pUID + pUUID ); } else if (exists_uuid_uid(m_pDB, pUUID, pUID)) { execute_sql(m_pDB, "DELETE FROM "ABRT_TABLE" " - "WHERE "COL_UUID" = '%s' " - "AND ("COL_UID" = '%s' OR "COL_UID" = '-1');", - pUUID, pUID + "WHERE "COL_UUID" = '%s' " + "AND ("COL_UID" = '%s' OR "COL_UID" = '-1');", + pUUID, pUID ); } else @@ -360,6 +394,11 @@ void CSQLite3::DeleteRow(const char *pUUID, const char *pUID) void CSQLite3::DeleteRows_by_dir(const char *dump_dir) { + if (!is_string_safe(dump_dir)) + { + return; + } + execute_sql(m_pDB, "DELETE FROM "ABRT_TABLE" " "WHERE "COL_DEBUG_DUMP_PATH" = '%s'", @@ -369,6 +408,13 @@ void CSQLite3::DeleteRows_by_dir(const char *dump_dir) void CSQLite3::SetReported(const char *pUUID, const char *pUID, const char *pMessage) { + if (!is_string_safe(pUUID) + || !is_string_safe(pUID) + || !is_string_safe(pMessage) + ) { + return; + } + if (pUID[0] == '0' && !pUID[1]) { execute_sql(m_pDB, @@ -409,6 +455,12 @@ void CSQLite3::SetReported(const char *pUUID, const char *pUID, const char *pMes vector_database_rows_t CSQLite3::GetUIDData(const char *pUID) { vector_database_rows_t table; + + if (!is_string_safe(pUID)) + { + return table; + } + if (pUID[0] == '0' && !pUID[1]) { get_table(table, m_pDB, "SELECT * FROM "ABRT_TABLE";"); @@ -426,6 +478,12 @@ vector_database_rows_t CSQLite3::GetUIDData(const char *pUID) database_row_t CSQLite3::GetRow(const char *pUUID, const char *pUID) { + if (!is_string_safe(pUUID) + || !is_string_safe(pUID) + ) { + return database_row_t(); + } + vector_database_rows_t table; if (pUID[0] == '0' && !pUID[1]) |