diff -Nru freeradius-1.0.2.orig/src/modules/rlm_sql/rlm_sql.c freeradius-1.0.2/src/modules/rlm_sql/rlm_sql.c
--- freeradius-1.0.2.orig/src/modules/rlm_sql/rlm_sql.c	2004-09-30 17:54:22.000000000 +0300
+++ freeradius-1.0.2/src/modules/rlm_sql/rlm_sql.c	2005-05-07 18:54:43.314085504 +0300
@@ -158,6 +158,7 @@
  */
 static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username);
 static int generate_sql_clients(SQL_INST *inst);
+static int sql_escape_func(char *out, int outlen, const char *in);
 
 /*
  *	sql xlat function. Right now only SELECTs are supported. Only
@@ -184,7 +185,7 @@
 	/*
 	 * Do an xlat on the provided string (nice recursive operation).
 	 */
-	if (!radius_xlat(querystr, sizeof(querystr), fmt, request, func)) {
+	if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func)) {
 		radlog(L_ERR, "rlm_sql (%s): xlat failed.",
 		       inst->config->xlat_name);
 		return 0;
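Review bot: The `func` argument that the removed line passed to `radius_xlat` is no longer used on the new line, and nothing in the hunk records why. If `func` is still a parameter of the enclosing function (its signature is outside the hunk), put a comment above the call such as `/* Always escape with the module's own sql_escape_func; the caller-supplied func does not decide SQL quoting. */`. Adding `(void) func;` would also keep the build free of an unused-parameter warning.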
@@ -409,18 +410,18 @@
 
 	while (in[0]) {
 		/*
-		 *  Only one byte left.
-		 */
-		if (outlen <= 1) {
-			break;
-		}
-
-		/*
 		 *	Non-printable characters get replaced with their
 		 *	mime-encoded equivalents.
 		 */
 		if ((in[0] < 32) ||
 		    strchr(allowed_chars, *in) == NULL) {
+			/*
+			 *  Less than 3 bytes left.
+			 */
+			if (outlen <= 3) {
+				break;
+			}
+
 			snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
 			in++;
 			out += 3;
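Review bot: The new comment `Less than 3 bytes left.` does not match the test under it: `outlen <= 3` stops when three or fewer bytes remain, because `=%02X` needs three characters plus the NUL that snprintf appends. Reword it to say so, for example `/* "=XX" needs 3 bytes plus 1 for the trailing NUL. */`. Both this break and the relocated `outlen <= 1` break in the following hunk cut the escaped value short without telling the caller. Since the result is placed inside a query, a shortened value could match a different row than intended, so it is worth documenting that callers should treat a result that did not consume all of `in` as an error. The start and end of the function are outside the hunk, so how the return value is computed is not visible here.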
@@ -430,6 +431,13 @@
 		}
 
 		/*
+		 *  Only one byte left.
+		 */
+		if (outlen <= 1) {
+			break;
+		}
+
+		/*
 		 *	Else it's a nice character.
 		 */
 		*out = *in;
@@ -459,7 +467,7 @@
 	if (username != NULL) {
 		strNcpy(tmpuser, username, MAX_STRING_LEN);
 	} else if (strlen(inst->config->query_user)) {
-		radius_xlat(tmpuser, sizeof(tmpuser), inst->config->query_user, request, NULL);
+		radius_xlat(tmpuser, sizeof(tmpuser), inst->config->query_user, request, sql_escape_func);
 	} else {
 		return 0;
 	}
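Review bot: Only the `query_user` branch gains escaping; the `username != NULL` branch just above still copies the caller's string with `strNcpy(tmpuser, username, MAX_STRING_LEN)` unchanged. Whether any caller passes a non-NULL username taken from the request is not visible here (the calls shown in later hunks pass 0). Either escape on that branch as well, e.g. `sql_escape_func(tmpuser, sizeof(tmpuser), username);`, or add a comment stating that callers must supply an already-safe value. The return value of `radius_xlat` is also ignored on the new line, so a failed expansion is not distinguished from an empty user name.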
@@ -517,7 +525,7 @@
 	 */
 	if (sql_set_user(inst, req, sqlusername, 0) < 0)
 		return 1;
-	if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, NULL)){
+	if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, sql_escape_func)){
 		radlog(L_ERR, "rlm_sql (%s): xlat failed.",
 		       inst->config->xlat_name);
 		/* Remove the username we (maybe) added above */
@@ -1149,7 +1157,7 @@
 	if(sql_set_user(inst, request, sqlusername, 0) <0)
 		return RLM_MODULE_FAIL;
 
-	radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, NULL);
+	radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func);
 
 	/* initialize the sql socket */
 	sqlsocket = sql_get_socket(inst);
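Review bot: The result of `radius_xlat` is discarded on the new `simul_count_query` line, so after a failed expansion whatever is left in `querystr` appears to go on to the database; the `simul_verify_query` call in the next hunk has the same gap. The xlat and group-membership call sites in this patch already test the result, and the same shape fits here: `if (!radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func)) return RLM_MODULE_FAIL;`. The enclosing function continues outside the hunk, so any cleanup it needs on that path (for instance undoing what `sql_set_user` added) would have to accompany the early return.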
@@ -1193,7 +1201,7 @@
 		return RLM_MODULE_OK;
 	}
 
-	radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, NULL);
+	radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func);
 	if(rlm_sql_select_query(sqlsocket, inst, querystr)) {
 		radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Database query error", inst->config->xlat_name);
 		sql_release_socket(inst, sqlsocket);