diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-26 11:33:50 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-26 11:33:50 +0100 |
| commit | 56c4663db844dd18f45fdcfcfbee39ead08e53cb (patch) | |
| tree | 4a0fa76633bb29a5700db649a94b9ec490d4e86a /lib/Plugins/SQLite3.cpp | |
| parent | bec6503010767bf08b5e54ba3580d0911e816183 (diff) | |
| parent | 16292fa62be610ed3d51dcfa4778caf3ba835a82 (diff) | |
| download | abrt-56c4663db844dd18f45fdcfcfbee39ead08e53cb.tar.gz abrt-56c4663db844dd18f45fdcfcfbee39ead08e53cb.tar.xz abrt-56c4663db844dd18f45fdcfcfbee39ead08e53cb.zip | |
Merge branch 'master' into rhel6
Diffstat (limited to 'lib/Plugins/SQLite3.cpp')
| -rw-r--r-- | lib/Plugins/SQLite3.cpp | 40 |
1 files changed, 37 insertions, 3 deletions
diff --git a/lib/Plugins/SQLite3.cpp b/lib/Plugins/SQLite3.cpp index 7f90c46..6876c65 100644 --- a/lib/Plugins/SQLite3.cpp +++ b/lib/Plugins/SQLite3.cpp @@ -98,6 +98,11 @@ static bool is_string_safe(const char *str) const char *p = str; while (*p) { + if (*p == '\\' && p[1] != '\0') + { + p += 2; + continue; + } if ((unsigned char)(*p) < ' ' || strchr("\\\"\'", *p)) { error_msg("Probable SQL injection: '%s'", str); @@ -108,6 +113,31 @@ static bool is_string_safe(const char *str) return true; } +/* Escape \n */ +static string sql_escape(const char *str) +{ + const char *s = str; + unsigned len = 0; + do + { + if (*s == '\n') + len++; + len++; + } while (*s++); + + char buf[len]; + s = str; + char *d = buf; + do + { + if (*s == '\n') + *d++ = '\\'; + *d++ = *s; + } while (*s++); + + return buf; +} + static void get_table(vector_database_rows_t& pTable, sqlite3 *db, const char *fmt, ...) { @@ -406,9 +436,12 @@ void CSQLite3::DeleteRows_by_dir(const char *dump_dir) void CSQLite3::SetReported(const char *pUUID, const char *pUID, const char *pMessage) { + string escaped_msg = sql_escape(pMessage); +#define pMessage pMessage_must_not_be_used_below + if (!is_string_safe(pUUID) || !is_string_safe(pUID) - || !is_string_safe(pMessage) + || !is_string_safe(escaped_msg.c_str()) ) { return; } @@ -424,7 +457,7 @@ void CSQLite3::SetReported(const char *pUUID, const char *pUID, const char *pMes execute_sql(m_pDB, "UPDATE "ABRT_TABLE" " "SET "COL_MESSAGE" = '%s' " "WHERE "COL_UUID" = '%s';", - pMessage, pUUID + escaped_msg.c_str(), pUUID ); } else if (exists_uuid_uid(m_pDB, pUUID, pUID)) @@ -441,13 +474,14 @@ void CSQLite3::SetReported(const char *pUUID, const char *pUID, const char *pMes "SET "COL_MESSAGE" = '%s' " "WHERE "COL_UUID" = '%s' " "AND ("COL_UID" = '%s' OR "COL_UID" = '-1');", - pMessage, pUUID, pUID + escaped_msg.c_str(), pUUID, pUID ); } else { error_msg("UUID,UID %s,%s is not found in DB", pUUID, pUID); } +#undef pMessage } vector_database_rows_t CSQLite3::GetUIDData(const char *pUID) |