From: SourceForge.net <no...@so...> - 2008-08-13 08:41:01

Bugs item #2048361, was opened at 2008-08-12 22:38
Message generated for change (Comment added) made by spirit-rc
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=379806&aid=2048361&group_id=23824

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: None
Group: None
Status: Open
Priority: 5
Private: No
Submitted By: Alexander Amelkin (spirit-rc)
Assigned to: Nobody/Anonymous (nobody)
Summary: dbi_conn_quote_string* functions do not escape quotes

Initial Comment:
This code:
----------------------
char *username="buggyrequest\" and something bad \"";
char *username2;
...
dbi_conn_quote_string_copy(conn, username, &username2);
printf("Username: %s\n", username2);
----------------------
Results in the following printout:
----------------------
Username: "buggyrequest" and something bad ""
----------------------
Thus, the resulting username2 string can't actually be used in a call like
dbi_conn_queryf(conn, "select * from users where username=%s", username2);
and will lead to an injection of malicious SQL code if the original username is supplied by the user.

----------------------------------------------------------------------

>Comment By: Alexander Amelkin (spirit-rc)
Date: 2008-08-13 12:41

Message:
Logged In: YES
user_id=412567
Originator: YES

Bug #2049266 has been created for this issue in libdbi-drivers.

----------------------------------------------------------------------

Comment By: Markus Hoenicka (mhoenicka)
Date: 2008-08-13 10:47

Message:
Logged In: YES
user_id=85809
Originator: NO

Quoting is handled by each driver individually, as the database engines support different escaping and quoting rules. In order to follow up on this we need to know which drivers are affected. Could you please file a similar bug report at libdbi-drivers (not libdbi) mentioning the affected drivers? I'll then close this item here.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=379806&aid=2048361&group_id=23824
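The quoting defect described in the initial comment, as an added example that is not libdbi's or any driver's code: a reference routine that escapes embedded quote characters by doubling them (the SQL-standard rule), beside a check that a returned literal cannot be closed early by its own content. Function names are hypothetical, and the double-quote delimiter is assumed only because it matches the printout in the report.

```c
/* Added example (not libdbi or driver code): SQL-standard quoting that
 * doubles embedded quote characters, plus a well-formedness check.
 * Function names are hypothetical. */
#include <stdlib.h>
#include <string.h>

/* Quote `in` with `quote` ('"' here, matching the report's printout), doubling
 * every embedded quote. Same shape as dbi_conn_quote_string_copy(): allocates
 * *out, returns its length without the NUL (0 on allocation failure); the
 * caller frees *out. */
size_t safe_quote_string_copy(const char *in, char quote, char **out)
{
    size_t len = strlen(in), extra = 0, i, j = 0;
    char *buf;
    for (i = 0; i < len; i++)
        if (in[i] == quote)
            extra++;
    buf = malloc(len + extra + 3);          /* two delimiters plus NUL */
    if (buf == NULL) { *out = NULL; return 0; }
    buf[j++] = quote;
    for (i = 0; i < len; i++) {
        buf[j++] = in[i];
        if (in[i] == quote)
            buf[j++] = quote;               /* escape by doubling */
    }
    buf[j++] = quote;
    buf[j] = '\0';
    *out = buf;
    return j;
}

/* Returns 1 if `lit` is a single quoted literal: it starts and ends with
 * `quote` and every interior quote belongs to a doubled pair. The printout
 * in the report fails this check, which is why the username can close the
 * literal early and inject SQL. */
int quoted_literal_is_wellformed(const char *lit, char quote)
{
    size_t len = strlen(lit), i = 1;
    if (len < 2 || lit[0] != quote || lit[len - 1] != quote)
        return 0;
    while (i < len - 1) {
        if (lit[i] != quote) { i++; continue; }
        if (i + 1 >= len - 1 || lit[i + 1] != quote)
            return 0;                       /* lone quote ends the literal */
        i += 2;
    }
    return 1;
}
```

Running the reporter's username through safe_quote_string_copy() yields `"buggyrequest"" and something bad """`, which passes the check, while the driver output quoted in the report does not.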