Bugs item #2049266, was opened at 2008-08-13 10:40
Message generated for change (Comment added) made by mhoenicka
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=512945&aid=2049266&group_id=65979
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: None
Group: None
>Status: Closed
>Resolution: Works For Me
Priority: 5
Private: No
Submitted By: Alexander Amelkin (spirit-rc)
Assigned to: Nobody/Anonymous (nobody)
Summary: mysql: dbi_conn_quote_string* functions do not escape quotes

Initial Comment:
For the mysql driver v.0.8.3, this code:

----------------------
char *username="buggyrequest\" and something bad \"";
char *username2;
...
dbi_conn_quote_string_copy(conn, username, &username2);
printf("Username: %s\n", username2);
----------------------

results in the following printout:

----------------------
Username: "buggyrequest" and something bad ""
----------------------

Thus, the resulting username2 string can't actually be used in a call like

dbi_conn_queryf(conn, "select * from users where username=%s", username2);

and will lead to injection of malicious SQL code if the original username is supplied by the user.

----------------------------------------------------------------------

>Comment By: Markus Hoenicka (mhoenicka)
Date: 2008-08-13 14:14

Message:
Logged In: YES
user_id=85809
Originator: NO

I was actually wondering how this could happen, as the mysql driver simply hands the string over to the MySQL client library to escape it. Also, we have tests in libdbi-drivers which should have reported this error. But never mind. I'll close this bug.

----------------------------------------------------------------------

Comment By: Alexander Amelkin (spirit-rc)
Date: 2008-08-13 13:58

Message:
Logged In: YES
user_id=412567
Originator: YES

Sorry for bothering. It was a linking bug on my side. My program linked with a wrong version of my library which didn't actually use the dbi_conn_quote_string_copy() function. dbi_conn_quote_string_copy() does its job right.
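As an added example (not libdbi's or the mysql driver's code), a stand-in quoter that follows the escaping rules documented for mysql_real_escape_string, plus the sanity check a unit test can run against whatever quoting function the binary actually linked; the mislinked build described above, whose output left the quotes unescaped, would have failed it. Single-quote wrapping is an assumption about the driver's output (the printout above shows double quotes), and the function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in quoter (assumption: not libdbi's driver code): escapes the
 * bytes mysql_real_escape_string() documents (NUL, \n, \r, \, ', ", ^Z)
 * and wraps the result in single quotes. Returns malloc'd memory or NULL. */
char *quote_mysql_style(const char *in)
{
    char *out = malloc(2 * strlen(in) + 3);   /* every byte escaped + quotes + NUL */
    char *p = out;
    if (!out) return NULL;
    *p++ = '\'';
    for (; *in; in++) {
        switch (*in) {
        case '\n':   *p++ = '\\'; *p++ = 'n';  break;
        case '\r':   *p++ = '\\'; *p++ = 'r';  break;
        case '\032': *p++ = '\\'; *p++ = 'Z';  break;   /* Control-Z */
        case '\\':   *p++ = '\\'; *p++ = '\\'; break;
        case '\'':   *p++ = '\\'; *p++ = '\''; break;
        case '"':    *p++ = '\\'; *p++ = '"';  break;
        default:     *p++ = *in;
        }
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Sanity check for a quoted literal, meant for a regression test on the
 * quoting function the program really calls. Returns 1 if the literal
 * opens with ' or ", every interior quote of that kind is backslash-escaped,
 * and the first unescaped quote is the final byte; 0 if an unescaped quote
 * could terminate the literal early (the situation reported above). */
int quoted_literal_is_intact(const char *q)
{
    size_t n = strlen(q), i;
    char qc = q[0];
    if (n < 2 || (qc != '\'' && qc != '"')) return 0;
    for (i = 1; i < n; i++) {
        if (q[i] == '\\') { i++; continue; }   /* skip the escaped byte */
        if (q[i] == qc) break;                 /* first unescaped quote */
    }
    return i == n - 1;
}
```

The second function deliberately accepts either quote style so the same check can be applied to the driver's real output and to the unescaped output from the mislinked build.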
----------------------------------------------------------------------

_______________________________________________
Libdbi-drivers-devel mailing list
Libdbi-drivers-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libdbi-drivers-devel