BUILD : 1.7.16 (1175) BUGS : 612 NOTES : Fixed a number of MySQL/RDB-related functions which did not correctly escape their arguments

git-svn-id: svn://svn.anope.org/anope/trunk@1175 31f1291d-b8d6-0310-a050-a5561fc1590b git-svn-id: http://anope.svn.sourceforge.net/svnroot/anope/trunk@896 5417fbe8-f217-4b02-8779-1006273d7864
2026-06-30 15:26:38 +02:00 · 2006-10-16 15:05:00 +00:00
parent 6e77a5d94d
commit 2db88fcaf2
6 changed files with 84 additions and 27 deletions
@@ -2,6 +2,7 @@ Anope Version  S V N
 --------------------
 10/15 F MySQL detection now checks for valid values from mysql_config.    [ #00]
 10/15 F Correctly compiling mod_version with module options now.          [ #00]
+10/16 F MySQL functions did not always escape all values correctly.       [#612]

 Anope Version 1.7.16
 --------------------
@@ -490,6 +490,7 @@ E int NumUlines;
 E int rdb_init();
 E int rdb_open();
 E int rdb_close();
+E char *rdb_quote(char *str);
 E int rdb_tag_table(char *table);
 E int rdb_clear_table(char *table);
 E int rdb_scrub_table(char *table, char *clause);
@@ -318,6 +318,7 @@ void delHostCore(char *nick)
 {
 #ifdef USE_RDB
    static char clause[128];
+    char *q_nick;
 #endif
    HostCore *tmp;
    boolean found = false;
@@ -328,10 +329,11 @@ void delHostCore(char *nick)
 #ifdef USE_RDB
        /* Reflect this change in the database right away. */
        if (rdb_open()) {
-
-            snprintf(clause, sizeof(clause), "nick='%s'", nick);
+            q_nick = rdb_quote(nick);
+            snprintf(clause, sizeof(clause), "nick='%s'", q_nick);
            rdb_scrub_table("anope_hs_core", clause);
            rdb_close();
+            free(q_nick);
        }
 #endif

@@ -1406,6 +1406,7 @@ static int delcore(NickCore * nc)
    int i;
 #ifdef USE_RDB
    static char clause[128];
+    char *q_display;
 #endif
    /* (Hopefully complete) cleanup */
    cs_remove_nick(nc);
@@ -1425,17 +1426,18 @@ static int delcore(NickCore * nc)
 #ifdef USE_RDB
    /* Reflect this change in the database right away. */
    if (rdb_open()) {
-
-        snprintf(clause, sizeof(clause), "display='%s'", nc->display);
+        q_display = rdb_quote(nc->display);
+        snprintf(clause, sizeof(clause), "display='%s'", q_display);
        rdb_scrub_table("anope_ns_access", clause);
        rdb_scrub_table("anope_ns_core", clause);
        rdb_scrub_table("anope_cs_access", clause);
        /* I'm unsure how to clean up the OS ADMIN/OPER list on the db */
        /* I wish the "display" primary key would be the same on all tables */
        snprintf(clause, sizeof(clause), "receiver='%s' AND serv='NICK'",
-                 nc->display);
+                 q_display);
        rdb_scrub_table("anope_ms_info", clause);
        rdb_close();
+        free(q_display);
    }
 #endif

@@ -1509,6 +1511,7 @@ int delnick(NickAlias * na)
 {
 #ifdef USE_RDB
    static char clause[128];
+    char *q_nick;
 #endif
    /* First thing to do: remove any timeout belonging to the nick we're deleting */
    clean_ns_timeouts(na);
@@ -1552,10 +1555,11 @@ int delnick(NickAlias * na)
 #ifdef USE_RDB
    /* Reflect this change in the database right away. */
    if (rdb_open()) {
-
-        snprintf(clause, sizeof(clause), "nick='%s'", na->nick);
+        q_nick = rdb_quote(na->nick);
+        snprintf(clause, sizeof(clause), "nick='%s'", q_nick);
        rdb_scrub_table("anope_ns_alias", clause);
        rdb_close();
+        free(q_nick);
    }
 #endif

@@ -48,6 +48,15 @@ int rdb_close()

 /*************************************************************************/

+char *rdb_quote(char *str)
+{
+#ifdef USE_MYSQL
+    return db_mysql_quote(str);
+#endif
+}
+
+/*************************************************************************/
+
 int rdb_tag_table(char *table)
 {
    static char buf[1024];
@@ -114,48 +123,56 @@ int rdb_direct_query(char *query)
 int rdb_ns_set_display(char *newnick, char *oldnick)
 {
    static char buf[1024];
+    char *q_newnick;
+    char *q_oldnick;
+
+    q_newnick = rdb_quote(newnick);
+    q_oldnick = rdb_quote(oldnick);

 #ifdef USE_MYSQL
    /* Change the display on NS_CORE */
    snprintf(buf, sizeof(buf),
             "UPDATE anope_ns_core SET display='%s' WHERE display='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
    db_mysql_query(buf);

    /* Change the display on NS_ALIAS for all grouped nicks */
    snprintf(buf, sizeof(buf),
             "UPDATE anope_ns_alias SET display='%s' WHERE display='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
    db_mysql_query(buf);

    /* Change the display on ChanServ ACCESS list */
    snprintf(buf, sizeof(buf),
             "UPDATE anope_cs_access SET display='%s' WHERE display='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
    db_mysql_query(buf);

    /* Change the display on ChanServ AKICK list */
    snprintf(buf, sizeof(buf),
             "UPDATE anope_cs_akicks SET creator='%s' WHERE creator='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
    db_mysql_query(buf);

    /* Change the display on MemoServ sent memos */
    snprintf(buf, sizeof(buf),
             "UPDATE anope_ms_info SET sender='%s' WHERE sender='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
    db_mysql_query(buf);

    /* Change the display on MemoServ received memos */
    snprintf(buf, sizeof(buf),
             "UPDATE anope_ms_info SET receiver='%s' WHERE receiver='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
    db_mysql_query(buf);

    /* Need to do bwords and akills */

 #endif

+    free(q_newnick);
+    free(q_oldnick);
+
    return 0;
 }

@@ -164,21 +181,28 @@ int rdb_ns_set_display(char *newnick, char *oldnick)
 int rdb_cs_deluser(char *nick)
 {
    static char buf[1024];
+    char *q_nick;
+
+    q_nick = rdb_quote(nick);

 #ifdef USE_MYSQL
    snprintf(buf, sizeof(buf),
             "UPDATE anope_cs_info SET successor=NULL WHERE successor='%s'",
-             nick);
+             q_nick);
    db_mysql_query(buf);

-    snprintf(buf, sizeof(buf), "display='%s'", nick);
+    snprintf(buf, sizeof(buf), "display='%s'", q_nick);
    rdb_scrub_table("anope_cs_access", buf);
-    snprintf(buf, sizeof(buf), "creator='%s'", nick);
+    snprintf(buf, sizeof(buf), "creator='%s'", q_nick);
    rdb_scrub_table("anope_cs_akicks", buf);

+    free(q_nick);
+
    return 1;
 #endif

+    free(q_nick);
+
    return 0;
 }

@@ -187,19 +211,23 @@ int rdb_cs_deluser(char *nick)
 int rdb_cs_delchan(ChannelInfo * ci)
 {
    static char buf[1024];
-    char *channel = ci->name;
+    char *q_channel;
+    char *q_founder;
+
+    q_channel = rdb_quote(ci->name);
+    q_founder = rdb_quote(ci->founder->display);

 #ifdef USE_MYSQL
    snprintf(buf, sizeof(buf),
             "UPDATE anope_cs_info SET successor=NULL WHERE name='%s'",
-             channel);
+             q_channel);
    db_mysql_query(buf);

-    snprintf(buf, sizeof(buf), "name='%s'", channel);
+    snprintf(buf, sizeof(buf), "name='%s'", q_channel);
    rdb_scrub_table("anope_cs_info", buf);
-    snprintf(buf, sizeof(buf), "receiver='%s' AND serv='CHAN'", channel);
+    snprintf(buf, sizeof(buf), "receiver='%s' AND serv='CHAN'", q_channel);
    rdb_scrub_table("anope_ms_info", buf);
-    snprintf(buf, sizeof(buf), "channel='%s'", channel);
+    snprintf(buf, sizeof(buf), "channel='%s'", q_channel);
    rdb_scrub_table("anope_cs_access", buf);
    rdb_scrub_table("anope_cs_akicks", buf);
    rdb_scrub_table("anope_cs_levels", buf);
@@ -207,13 +235,19 @@ int rdb_cs_delchan(ChannelInfo * ci)
    if (ci->founder) {
        snprintf(buf, sizeof(buf),
                 "update anope_ns_core set channelcount=channelcount-1 where display='%s'",
-                 ci->founder->display);
+                 q_founder);
        db_mysql_query(buf);
    }

+    free(q_channel);
+    free(q_founder);
+
    return 1;
 #endif

+    free(q_channel);
+    free(q_founder);
+
    return 0;
 }

@@ -222,26 +256,37 @@ int rdb_cs_delchan(ChannelInfo * ci)
 int rdb_cs_set_founder(char *channel, char *founder)
 {
    static char buf[1024];
+    char *q_channel;
+    char *q_founder;
+
+    q_channel = rdb_quote(channel);
+    q_founder = rdb_quote(founder);

 #ifdef USE_MYSQL
    snprintf(buf, sizeof(buf),
             "UPDATE anope_cs_info SET founder='%s', successor=NULL WHERE name='%s'",
-             founder, channel);
+             q_founder, q_channel);
    db_mysql_query(buf);

    snprintf(buf, sizeof(buf),
             "UPDATE anope_ns_core SET channelcount=channelcount+1 WHERE display='%s'",
-             founder);
+             q_founder);
    db_mysql_query(buf);

    /* Do i need to scrub the access list for this channel ? */
-    snprintf(buf, sizeof(buf), "display='%s' AND channel='%s'", founder,
-             channel);
+    snprintf(buf, sizeof(buf), "display='%s' AND channel='%s'", q_founder,
+             q_channel);
    rdb_scrub_table("anope_cs_access", buf);

+    free(q_channel);
+    free(q_founder);
+
    return 1;
 #endif

+    free(q_channel);
+    free(q_founder);
+
    return 0;
 }

@@ -9,10 +9,14 @@ VERSION_MAJOR="1"
 VERSION_MINOR="7"
 VERSION_PATCH="16"
 VERSION_EXTRA="-svn"
-VERSION_BUILD="1174"
+VERSION_BUILD="1175"

 # $Log$
 #
+# BUILD : 1.7.16 (1175)
+# BUGS  : 612
+# NOTES : Fixed a number of MySQL/RDB-related functions which did not correctly escape their arguments
+#
 # BUILD : 1.7.16 (1174)
 # BUGS  : 
 # NOTES : Fixed src/mod_version.c to be compiled with module options and added an additional check to see if the values returned by mysql_config are valid