From 62f7d2885ad02911f0ae71e7864d4805a489137b Mon Sep 17 00:00:00 2001
From: Arran Cudbard-Bell
Date: Wed, 5 Jul 2017 13:07:31 -0400
Subject: [PATCH] FR-AD-003 - Pass correct statement length into sqlite3_prepare[_v2]
---
 .../rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c
index c94831d..9cf1aff 100644
--- a/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c
+++ b/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c
@@ -233,7 +233,7 @@ static int sql_loadfile(TALLOC_CTX *ctx, sqlite3 *db, char const *filename)
 ssize_t len;
 int statement_cnt = 0;
 char *buffer;
- char *p, *q, *s;
+ char *p, *q;
 int cl;
 FILE *f;
 struct stat finfo;
@@ -321,20 +321,18 @@ static int sql_loadfile(TALLOC_CTX *ctx, sqlite3 *db, char const *filename)
 /*
 * Statement delimiter is ;\n
 */
- s = p = buffer;
+ p = buffer;
 while ((q = strchr(p, ';'))) {
- if (q[1] != '\n') {
+ if ((q[1] != '\n') && (q[1] != '\0')) {
 p = q + 1;
 statement_cnt++;
 continue;
 }
- *q = '\0';
-
 #ifdef HAVE_SQLITE3_PREPARE_V2
- status = sqlite3_prepare_v2(db, s, len, &statement, &z_tail);
+ status = sqlite3_prepare_v2(db, p, q - p, &statement, &z_tail);
 #else
- status = sqlite3_prepare(db, s, len, &statement, &z_tail);
+ status = sqlite3_prepare(db, p, q - p, &statement, &z_tail);
 #endif
 if (sql_check_error(db, status) != RLM_SQL_OK) {
@@ -359,7 +357,7 @@ static int sql_loadfile(TALLOC_CTX *ctx, sqlite3 *db, char const *filename)
 }
 statement_cnt++;
- p = s = q + 1;
+ p = q + 1;
 }
 talloc_free(buffer);
-- 
2.1.4
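Review bot: With `s` removed, `p` is both the scan cursor and the statement start, so in the second hunk the `continue` branch (`p = q + 1;` when a `;` is not followed by a newline or NUL) moves the start past the embedded `;`, and the later `sqlite3_prepare_v2(db, p, q - p, ...)` then receives only the tail of the statement. A schema file with a `;` inside a string literal or a comment would therefore be prepared truncated. The bounded length can be kept without losing the start by retaining `s` in the declaration (first hunk) and in the reset `p = s = q + 1;` (third hunk), and calling `sqlite3_prepare_v2(db, s, q - s, &statement, &z_tail);` in both `#ifdef` arms. Since `q - s` is a `ptrdiff_t` passed as an `int` byte count, a short comment stating that the length is bounded by the file size checked earlier would help; that check is presumably in the part of `sql_loadfile` outside these hunks, as the function starts and ends beyond them.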