diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-26 16:10:58 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-26 16:10:58 +0100 |
| commit | 1ec96a4fa027821a192a5296746295e638fb535a (patch) | |
| tree | 345a7d9dc741a7c197a6e23f96506848499f0973 /lib | |
| parent | 8af077ccd55f0b55a5cbe97b47cbf6606a1fa7e1 (diff) | |
| parent | faf415ae470e4449880cf0377b8186382682c5ae (diff) | |
| download | abrt-1ec96a4fa027821a192a5296746295e638fb535a.tar.gz abrt-1ec96a4fa027821a192a5296746295e638fb535a.tar.xz abrt-1ec96a4fa027821a192a5296746295e638fb535a.zip | |
Merge branch 'master' into rhel6
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Plugins/SQLite3.cpp | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/lib/Plugins/SQLite3.cpp b/lib/Plugins/SQLite3.cpp index 6876c652..80cbd82b 100644 --- a/lib/Plugins/SQLite3.cpp +++ b/lib/Plugins/SQLite3.cpp @@ -95,16 +95,23 @@ static const char *const upate_sql_commands[][ABRT_TABLE_VERSION + 1] = { */ static bool is_string_safe(const char *str) { +// Apparently SQLite allows unescaped newlines. More surprisingly, +// it does not unescape escaped ones - I see lines ending with \ when I do it. +// I wonder whether this is a bug in SQLite, and whether using unescaped +// newlines is a danger with other SQL servers. +// For now, I disabled newline escaping... const char *p = str; while (*p) { - if (*p == '\\' && p[1] != '\0') - { - p += 2; - continue; - } - if ((unsigned char)(*p) < ' ' || strchr("\\\"\'", *p)) - { + unsigned char c = *p; +// if (c == '\\' && p[1] != '\0') +// { +// p += 2; +// continue; +// } + if ((c < ' ' && c != '\n') + || strchr("\\\"\'", c) + ) { error_msg("Probable SQL injection: '%s'", str); return false; } @@ -113,6 +120,7 @@ static bool is_string_safe(const char *str) return true; } +#ifdef UNUSED_FOR_NOW /* Escape \n */ static string sql_escape(const char *str) { @@ -137,6 +145,7 @@ static string sql_escape(const char *str) return buf; } +#endif static void get_table(vector_database_rows_t& pTable, sqlite3 *db, const char *fmt, ...) @@ -436,12 +445,12 @@ void CSQLite3::DeleteRows_by_dir(const char *dump_dir) void CSQLite3::SetReported(const char *pUUID, const char *pUID, const char *pMessage) { - string escaped_msg = sql_escape(pMessage); -#define pMessage pMessage_must_not_be_used_below +// string escaped_msg = sql_escape(pMessage); +//#define pMessage pMessage_must_not_be_used_below if (!is_string_safe(pUUID) || !is_string_safe(pUID) - || !is_string_safe(escaped_msg.c_str()) + || !is_string_safe(pMessage) ) { return; } @@ -457,7 +466,7 @@ void CSQLite3::SetReported(const char *pUUID, const char *pUID, const char *pMes execute_sql(m_pDB, "UPDATE "ABRT_TABLE" " "SET "COL_MESSAGE" = '%s' " "WHERE "COL_UUID" = '%s';", - escaped_msg.c_str(), pUUID + pMessage, pUUID ); } else if (exists_uuid_uid(m_pDB, pUUID, pUID)) @@ -474,14 +483,13 @@ void CSQLite3::SetReported(const char *pUUID, const char *pUID, const char *pMes "SET "COL_MESSAGE" = '%s' " "WHERE "COL_UUID" = '%s' " "AND ("COL_UID" = '%s' OR "COL_UID" = '-1');", - escaped_msg.c_str(), pUUID, pUID + pMessage, pUUID, pUID ); } else { error_msg("UUID,UID %s,%s is not found in DB", pUUID, pUID); } -#undef pMessage } vector_database_rows_t CSQLite3::GetUIDData(const char *pUID) |