From: SourceForge.net <no...@so...> - 2008-08-12 18:38:38
Bugs item #2048361, was opened at 2008-08-12 22:38
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=379806&aid=2048361&group_id=23824

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Priority: 5
Private: No
Submitted By: Alexander Amelkin (spirit-rc)
Assigned to: Nobody/Anonymous (nobody)
Summary: dbi_conn_quote_string* functions do not escape quotes

Initial Comment:
This code:

----------------------
char *username="buggyrequest\" and something bad \"";
char *username2;
...
dbi_conn_quote_string_copy(conn, username, &username2);
printf("Username: %s\n", username2);
----------------------

Results in the following printout:

----------------------
Username: "buggyrequest" and something bad ""
----------------------

Thus, the resulting username2 string can't actually be used in a call like

dbi_conn_queryf(conn, "select * from users where username=%s", username2);

and will lead to an injection of malicious SQL code if the original username is supplied by the user.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=379806&aid=2048361&group_id=23824
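The quoting defect the report describes, next to a hardened form and a regression check that would catch it, as an added example in C that is not libdbi's code: quote_wrap models the reported behaviour (delimiters added, nothing inside escaped), quote_escape doubles every embedded delimiter as SQL string literals require, and quoted_literal_ok rejects any literal containing an unescaped delimiter. The function names and the delimiter character are assumptions for illustration; each libdbi driver applies its own escaping rules.

```c
#include <stdlib.h>
#include <string.h>

/* Models the behaviour in the report: delimiters are added, nothing inside
   is escaped. Hypothetical stand-in, not libdbi's implementation. */
char *quote_wrap(const char *s, char q)
{
    size_t n = strlen(s);
    char *out = malloc(n + 3);
    if (!out) return NULL;
    out[0] = q;
    memcpy(out + 1, s, n);
    out[n + 1] = q;
    out[n + 2] = '\0';
    return out;
}

/* Hardened form: wrap in q and double every embedded q, the SQL-standard
   escape for string literals, so the value cannot close the literal early. */
char *quote_escape(const char *s, char q)
{
    size_t n = strlen(s), extra = 0, i, j = 0;
    char *out;
    for (i = 0; i < n; i++) if (s[i] == q) extra++;
    out = malloc(n + extra + 3);
    if (!out) return NULL;
    out[j++] = q;
    for (i = 0; i < n; i++) {
        if (s[i] == q) out[j++] = q;  /* emit the delimiter twice */
        out[j++] = s[i];
    }
    out[j++] = q;
    out[j] = '\0';
    return out;
}
/* Regression check: 1 if lit is a well-formed quoted literal (opens and
   closes with q, every inner q doubled), 0 otherwise. The reported output
   fails this check; the escaped form passes. */
int quoted_literal_ok(const char *lit, char q)
{
    size_t n = strlen(lit), i;
    if (n < 2 || lit[0] != q || lit[n - 1] != q) return 0;
    for (i = 1; i + 1 < n; i++) {
        if (lit[i] != q) continue;
        if (i + 2 >= n || lit[i + 1] != q) return 0;  /* lone delimiter */
        i++;  /* skip its doubled partner */
    }
    return 1;
}
```

Running quoted_literal_ok over the output of a quoting routine with the report's username is the kind of unit test that would have flagged this bug before it reached a query.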