sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-05-29 17:36:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
ports/security/cyrus-sasl2/files/patch-plugins__sql.c
Hajimu UMEMOTO c4eb47c93f security/cyrus-sasl2-sql: Escape password for SQL insert/update commands 
Obtained from:	2d2e97b0eb
Security:	CVE-2022-24407
2022-02-23 11:34:14 +09:00

66 lines
2.1 KiB
C
Raw Blame History

--- plugins/sql.c.orig 2016-12-10 15:45:55 UTC
+++ plugins/sql.c
@@ -1150,6 +1150,7 @@ static int sql_auxprop_store(void *glob_context,
char *statement = NULL;
char *escap_userid = NULL;
char *escap_realm = NULL;
+ char *escap_passwd = NULL;
const char *cmd;
sql_settings_t *settings;
@@ -1221,6 +1222,11 @@ static int sql_auxprop_store(void *glob_context,
"Unable to begin transaction\n");
}
for (cur = to_store; ret == SASL_OK && cur->name; cur++) {
+ /* Free the buffer, current content is from previous loop. */
+ if (escap_passwd) {
+ sparams->utils->free(escap_passwd);
+ escap_passwd = NULL;
+ }
if (cur->name[0] == '*') {
continue;
@@ -1242,19 +1248,32 @@ static int sql_auxprop_store(void *glob_context,
}
sparams->utils->free(statement);
+ if (cur->values[0]) {
+ escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1);
+ if (!escap_passwd) {
+ ret = SASL_NOMEM;
+ break;
+ }
+ settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]);
+ }
+
/* create a statement that we will use */
statement = sql_create_statement(cmd, cur->name, escap_userid,
escap_realm,
- cur->values && cur->values[0] ?
- cur->values[0] : SQL_NULL_VALUE,
+ escap_passwd ?
+ escap_passwd : SQL_NULL_VALUE,
sparams->utils);
+ if (!statement) {
+ ret = SASL_NOMEM;
+ break;
+ }
{
char *log_statement =
sql_create_statement(cmd, cur->name,
escap_userid,
escap_realm,
- cur->values && cur->values[0] ?
+ escap_passwd ?
"<omitted>" : SQL_NULL_VALUE,
sparams->utils);
sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
@@ -1287,6 +1306,7 @@ static int sql_auxprop_store(void *glob_context,
done:
if (escap_userid) sparams->utils->free(escap_userid);
if (escap_realm) sparams->utils->free(escap_realm);
+ if (escap_passwd) sparams->utils->free(escap_passwd);
if (conn) settings->sql_engine->sql_close(conn);
if (userid) sparams->utils->free(userid);
if (realm) sparams->utils->free(realm);
Reference in a new issue View git blame Copy permalink