Created
March 9, 2015 11:05
-
-
Save akagisho/0d0d148c94616b84a513 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From c59e5732099af0a10a1e88dae624e232eb7ab7d4 Mon Sep 17 00:00:00 2001 | |
| From: akagisho <akagisho@gmail.com> | |
| Date: Mon, 9 Mar 2015 17:59:29 +0900 | |
| Subject: [PATCH] ITS#6461 escape single-quotes in back-sql | |
| --- | |
| servers/slapd/back-sql/proto-sql.h | 2 ++ | |
| servers/slapd/back-sql/search.c | 5 +++++ | |
| servers/slapd/back-sql/util.c | 37 +++++++++++++++++++++++++++++++++++++ | |
| 3 files changed, 44 insertions(+) | |
| diff --git a/servers/slapd/back-sql/proto-sql.h b/servers/slapd/back-sql/proto-sql.h | |
| index 9242bf1..9491527 100644 | |
| --- a/servers/slapd/back-sql/proto-sql.h | |
| +++ b/servers/slapd/back-sql/proto-sql.h | |
| @@ -280,6 +280,8 @@ int backsql_entryUUID_decode( struct berval *entryUUID, unsigned long *oc_id, | |
| #endif /* ! BACKSQL_ARBITRARY_KEY */ | |
| ); | |
| +int backsql_escape_singlequotes( struct berval *bv ); | |
| + | |
| /* | |
| * former external.h | |
| */ | |
| diff --git a/servers/slapd/back-sql/search.c b/servers/slapd/back-sql/search.c | |
| index afd3043..51789c1 100644 | |
| --- a/servers/slapd/back-sql/search.c | |
| +++ b/servers/slapd/back-sql/search.c | |
| @@ -562,6 +562,7 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f, | |
| #endif /* BACKSQL_TRACE */ | |
| start = bsi->bsi_flt_where.bb_val.bv_len; | |
| + backsql_escape_singlequotes( &f->f_sub_initial ); | |
| backsql_strfcat_x( &bsi->bsi_flt_where, | |
| bsi->bsi_op->o_tmpmemctx, | |
| "b", | |
| @@ -587,6 +588,7 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f, | |
| #endif /* BACKSQL_TRACE */ | |
| start = bsi->bsi_flt_where.bb_val.bv_len; | |
| + backsql_escape_singlequotes( &f->f_sub_any[ i ] ); | |
| backsql_strfcat_x( &bsi->bsi_flt_where, | |
| bsi->bsi_op->o_tmpmemctx, | |
| "bc", | |
| @@ -612,6 +614,7 @@ backsql_process_sub_filter( backsql_srch_info *bsi, Filter *f, | |
| #endif /* BACKSQL_TRACE */ | |
| start = bsi->bsi_flt_where.bb_val.bv_len; | |
| + backsql_escape_singlequotes( &f->f_sub_final ); | |
| backsql_strfcat_x( &bsi->bsi_flt_where, | |
| bsi->bsi_op->o_tmpmemctx, | |
| "b", | |
| @@ -1084,6 +1087,8 @@ static int | |
| backsql_process_filter_eq( backsql_srch_info *bsi, backsql_at_map_rec *at, | |
| int casefold, struct berval *filter_value ) | |
| { | |
| + backsql_escape_singlequotes( filter_value ); | |
| + | |
| /* | |
| * maybe we should check type of at->sel_expr here somehow, | |
| * to know whether upper_func is applicable, but for now | |
| diff --git a/servers/slapd/back-sql/util.c b/servers/slapd/back-sql/util.c | |
| index bdc22d8..007b963 100644 | |
| --- a/servers/slapd/back-sql/util.c | |
| +++ b/servers/slapd/back-sql/util.c | |
| @@ -572,3 +572,40 @@ backsql_entryUUID_decode( | |
| return LDAP_SUCCESS; | |
| } | |
| +int | |
| +backsql_escape_singlequotes( struct berval *bv ) | |
| +{ | |
| + char *s, *n, *str, *new; | |
| + int len, cnt = 0; | |
| + | |
| + str = bv->bv_val; | |
| + | |
| + if ( !str ) { | |
| + return -1; | |
| + } | |
| + | |
| + for ( s = str; *s; s++ ) { | |
| + if ( *s == '\'' ) { | |
| + cnt++; | |
| + } | |
| + } | |
| + | |
| + if ( cnt > 0 ) { | |
| + len = strlen(str); | |
| + new = (char *) malloc(sizeof(char) * (len + cnt + 1)); | |
| + for ( s = str, n = new; *s; s++, n++ ) { | |
| + if ( *s == '\'' ) { | |
| + *n = '\\'; | |
| + n++; | |
| + } | |
| + *n = *s; | |
| + } | |
| + *n = '\0'; | |
| + | |
| + bv->bv_val = new; | |
| + bv->bv_len = (ber_len_t) (n - new); | |
| + free(str); | |
| + } | |
| + | |
| + return 0; | |
| +} | |
| -- | |
| 2.2.1 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment