Patch Set 1: Code-Review+1 (1 comment)

https://gerrit.osmocom.org/#/c/5205/1/src/libmsc/db.c
File src/libmsc/db.c:

Line 197: dbi_result queryf(dbi_conn conn, const char *format, ...)
That's just SQL injection waiting to happen. Too bad libdbi does not support prepared statements - I wish we could use smth like https://sqlite.org/c3ref/prepare.html

--
To view, visit https://gerrit.osmocom.org/5205
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I4171dad8ffffbf634a75dedde752d82c51ff7803
Gerrit-PatchSet: 1
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <[email protected]>
Gerrit-HasComments: Yes
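
The concern in the comment above, as an added example that is not code from osmo-msc or from the reviewer: a stand-in for a `queryf()`-style formatter shows a value containing a quote leaving its string literal, and the same value staying one literal once it is quoted before formatting. `build_query`, `sql_quote`, `outside_literal` and the `demo` table are hypothetical names, and the quoting is hand-written for illustration; libdbi's own driver-aware call for this is `dbi_conn_quote_string_copy()`, while prepared statements, as the comment notes, keep values out of the statement text altogether.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a queryf()-style helper: only expands the SQL text. */
int build_query(char *out, size_t len, const char *format, ...) {
	va_list ap;
	va_start(ap, format);
	int n = vsnprintf(out, len, format, ap);
	va_end(ap);
	return (n < 0 || (size_t)n >= len) ? -1 : 0; /* refuse truncated SQL */
}

/* Hand-written quoting: wrap the value in '...' and double each ' inside it. */
int sql_quote(char *out, size_t len, const char *in) {
	size_t o = 0;
	if (len < 3) return -1;
	out[o++] = '\'';
	for (; *in; in++) {
		if (o + 3 >= len) return -1; /* reserve 2 chars + closing quote + NUL */
		if (*in == '\'') out[o++] = '\'';
		out[o++] = *in;
	}
	memcpy(out + o, "'", 2); /* closing quote and NUL */
	return 0;
}

/* Returns 1 if needle occurs in sql outside every '...' literal. */
int outside_literal(const char *sql, const char *needle) {
	for (int in_lit = 0; *sql; sql++) {
		if (*sql == '\'' && in_lit && sql[1] == '\'')
			sql++; /* '' inside a literal is an escaped quote */
		else if (*sql == '\'')
			in_lit = !in_lit;
		else if (!in_lit && !strncmp(sql, needle, strlen(needle)))
			return 1;
	}
	return 0;
}

int main(void) {
	char q[64], sql[128];
	const char *v = "x' OR '1'='1"; /* constructed sample; table/column made up */
	build_query(sql, sizeof(sql), "SELECT id FROM demo WHERE name = '%s'", v);
	printf("%d  %s\n", outside_literal(sql, " OR "), sql); /* value left the literal */
	sql_quote(q, sizeof(q), v);
	build_query(sql, sizeof(sql), "SELECT id FROM demo WHERE name = %s", q);
	printf("%d  %s\n", outside_literal(sql, " OR "), sql); /* value stayed one literal */
	return 0;
}
```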
