Strings from options "key" and "sql-inst" are copied verbatim
authornbk <nbk>
Mon, 12 Dec 2005 17:01:55 +0000 (17:01 +0000)
committernbk <nbk>
Mon, 12 Dec 2005 17:01:55 +0000 (17:01 +0000)
to the SQL query, therefore it's better to check them with
sql_escape_func at the module's initialization.

Thanks again to Primoz Bratanic <primoz@slo-tech.com> for discovering
one more problem in this module.

src/modules/rlm_sqlcounter/rlm_sqlcounter.c

index bdbd191..0a44ca0 100644 (file)
@@ -430,6 +430,7 @@ static int sqlcounter_instantiate(CONF_SECTION *conf, void **instance)
        DICT_ATTR *dattr;
        ATTR_FLAGS flags;
        time_t now;
+       char buffer[MAX_STRING_LEN];
 
        /*
         *      Set up a storage area for instance data
@@ -456,6 +457,11 @@ static int sqlcounter_instantiate(CONF_SECTION *conf, void **instance)
                radlog(L_ERR, "rlm_sqlcounter: 'key' must be set.");
                return -1;
        }
+       sql_escape_func(buffer, sizeof(buffer), data->key_name);
+       if (strcmp(buffer, data->key_name) != 0) {
+               radlog(L_ERR, "rlm_sqlcounter: The value for option 'key' is too long or contains unsafe characters.");
+               return -1;
+       }
        dattr = dict_attrbyname(data->key_name);
        if (dattr == NULL) {
                radlog(L_ERR, "rlm_sqlcounter: No such attribute %s",
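Review bot: The escape-then-compare sequence added here for 'key' is repeated verbatim for 'sqlmod-inst' in the next hunk, differing only in the option name in the two messages, so a small static helper taking the option name and value would keep the two checks (and any future one) in step and give the NULL-check the same treatment. The intent of the comparison is also worth a comment at the check, since a later reader only sees a round-trip through sql_escape_func: `/* The value is pasted into the query unescaped later; refuse anything sql_escape_func would change or truncate. */`. Both sites discard sql_escape_func's return value and rely on it NUL-terminating buffer before strcmp; I believe it does, but a one-line comment stating that assumption would help. sqlcounter_instantiate begins before this hunk and continues after it.
```c
/*
 *	Refuse an option value that sql_escape_func would alter or
 *	truncate: such a value cannot be copied into the query unchanged.
 *	Returns 0 when the value is safe, -1 (after logging) otherwise.
 */
static int sqlcounter_check_sql_safe(const char *option, const char *value)
{
	char buffer[MAX_STRING_LEN];

	if (value == NULL) {
		radlog(L_ERR, "rlm_sqlcounter: '%s' must be set.", option);
		return -1;
	}
	sql_escape_func(buffer, sizeof(buffer), value);
	if (strcmp(buffer, value) != 0) {
		radlog(L_ERR, "rlm_sqlcounter: The value for option '%s' is too long or contains unsafe characters.", option);
		return -1;
	}
	return 0;
}

/* … unchanged: start of sqlcounter_instantiate … */
	if (sqlcounter_check_sql_safe("key", data->key_name) < 0) return -1;
	/* … unchanged: dict_attrbyname lookup … */
	if (sqlcounter_check_sql_safe("sqlmod-inst", data->sqlmod_inst) < 0) return -1;
```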
@@ -464,6 +470,18 @@ static int sqlcounter_instantiate(CONF_SECTION *conf, void **instance)
        }
        data->key_attr = dattr->attr;
 
+       /*
+        *      Check the "sqlmod-inst" option.
+        */
+       if (data->sqlmod_inst == NULL) {
+               radlog(L_ERR, "rlm_sqlcounter: 'sqlmod-inst' must be set.");
+               return -1;
+       }
+       sql_escape_func(buffer, sizeof(buffer), data->sqlmod_inst);
+       if (strcmp(buffer, data->sqlmod_inst) != 0) {
+               radlog(L_ERR, "rlm_sqlcounter: The value for option 'sqlmod-inst' is too long or contains unsafe characters.");
+               return -1;
+       }
 
        /*
         *  Create a new attribute for the counter.