authorSergey Poznyakoff <gray@gnu.org.ua>2004-12-17 16:20:21 +0000
committerSergey Poznyakoff <gray@gnu.org.ua>2004-12-17 16:20:21 +0000
commit5e1b0bfbc373116076cd70b7b2a52ea842d32122 (patch)
treedf58b6fd3e70cfb77299612d21cb3327493c9bda /auth
parenta746a09b008fa5fb297a50422913e1918341ad11 (diff)
downloadmailutils-5e1b0bfbc373116076cd70b7b2a52ea842d32122.tar.gz
mailutils-5e1b0bfbc373116076cd70b7b2a52ea842d32122.tar.bz2
(sql_escape_string): Escape occurrences of ' and " in string.
(mu_sql_expand_query): prevent possible sql injection
Diffstat (limited to 'auth')
-rw-r--r--auth/sql.c43
1 files changed, 39 insertions, 4 deletions
diff --git a/auth/sql.c b/auth/sql.c
index 018381804..ba3673bbe 100644
--- a/auth/sql.c
+++ b/auth/sql.c
@@ -63,14 +63,44 @@ char *mu_sql_db = "accounts"; /* Database Name */
int mu_sql_port = 0; /* Port number to connect to.
0 means default port */
+static char *
+sql_escape_string (const char *ustr)
+{
+ char *str, *q;
+ const unsigned char *p;
+ size_t len = strlen (ustr);
+
+ for (p = (const unsigned char *) ustr; *p; p++)
+ {
+ if (strchr ("'\"", *p))
+ len++;
+ }
+
+ str = malloc (len + 1);
+ if (!str)
+ return NULL;
+
+ for (p = (const unsigned char *) ustr, q = str; *p; p++)
+ {
+ if (strchr ("'\"", *p))
+ *q++ = '\\';
+ *q++ = *p;
+ }
+ *q = 0;
+ return str;
+}
+
char *
mu_sql_expand_query (const char *query, const char *ustr)
{
char *p, *q, *res;
int len;
-
+ char *esc_ustr;
+
if (!query)
return NULL;
+
+ esc_ustr = sql_escape_string (ustr);
/* Compute resulting query length */
for (len = 0, p = (char *) query; *p; )
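Review bot: The backslash is not in the escape set at `strchr ("'\"", *p)` (used in both loops of sql_escape_string), so an input such as `\'` is rewritten to `\\'`, which a backslash-escaping backend reads as a literal backslash followed by an unescaped quote — the injection this commit sets out to close is still open through that path. Add it to the set in both places: `if (strchr ("'\"\\", *p))`. The result of `sql_escape_string` is also used unchecked: on malloc failure `esc_ustr` is NULL and the later `strlen (esc_ustr)` dereferences it, so the call should be followed by `if (!esc_ustr) return NULL;`. Backslash escaping is MySQL-style; if this function also feeds a PostgreSQL backend, where doubling the quote is the portable form, the driver's own escaping routine (e.g. mysql_real_escape_string) would be the safer choice, though backend selection is not visible from this hunk. mu_sql_expand_query continues past the end of this hunk.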
@@ -79,7 +109,7 @@ mu_sql_expand_query (const char *query, const char *ustr)
{
if (p[1] == 'u')
{
- len += strlen (ustr);
+ len += strlen (esc_ustr);
p += 2;
}
else if (p[1] == '%')
@@ -102,7 +132,10 @@ mu_sql_expand_query (const char *query, const char *ustr)
res = malloc (len + 1);
if (!res)
- return res;
+ {
+ free (esc_ustr);
+ return res;
+ }
for (p = (char *) query, q = res; *p; )
{
@@ -111,7 +144,7 @@ mu_sql_expand_query (const char *query, const char *ustr)
switch (*++p)
{
case 'u':
- strcpy (q, ustr);
+ strcpy (q, esc_ustr);
q += strlen (q);
p++;
break;
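Review bot: `strcpy (q, esc_ustr); q += strlen (q);` walks the escaped string twice for every `%u` and only stays in bounds because the length pass earlier counted the same `strlen (esc_ustr)`; computing that length once, `size_t ulen = strlen (esc_ustr);` before the loop, and copying with `memcpy (q, esc_ustr, ulen); q += ulen;` makes the two passes share one number and drops the rescan. This is a style point only — the copy is bounded as written. The enclosing switch and mu_sql_expand_query both start before this hunk.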
@@ -128,6 +161,8 @@ mu_sql_expand_query (const char *query, const char *ustr)
*q++ = *p++;
}
*q = 0;
+
+ free (esc_ustr);
return res;
}
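Review bot: Nothing documents the contract mu_sql_expand_query now has: that `%u` is replaced by ustr with `'` and `"` backslash-escaped, and that the returned buffer is heap-allocated and owned by the caller. A header comment above the function (its start is outside this hunk) along the lines of `/* Expand QUERY, replacing %u with USTR (with ' and " backslash-escaped). Returns a malloc'ed string the caller must free, or NULL on allocation failure. */` would make that explicit, which matters because the escaping style is backend-specific and callers should know what they are getting. The `%%` branch visible in the earlier hunk appears to handle a literal percent, but its expansion is outside the hunks shown.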
