[Bugs] [Bug 1319740] Tiering is not resistant to SQL-injection

bugzilla at redhat.com bugzilla at redhat.com
Mon Mar 21 14:27:30 UTC 2016


https://bugzilla.redhat.com/show_bug.cgi?id=1319740

Jeff Darcy <jdarcy at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jdarcy at redhat.com



--- Comment #2 from Jeff Darcy <jdarcy at redhat.com> ---
A quick scan found three places where we construct query strings using variants
of sprintf instead of sqlite3_bind_*.  Of those, by far the most suspicious is
gf_sql_update_link_flags, which is the only one where we string-substitute a
file name.  Furthermore, the file name is at the very end of the query string,
which makes it easier to create a syntactically correct but malicious result. 
Clearly, sqlite_escape_string needs to be used here, but there might be
other changes necessary to handle the resulting filename correctly in other
parts of the code.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are on the CC list for the bug.
You are the assignee for the bug.
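
Added example, not part of the original message and not GlusterFS code: it contrasts a query built by string substitution with the file name at the end against the same update using bound parameters. It uses Python's built-in sqlite3 module, whose `?` placeholders are bound through SQLite's parameter-binding interface (the sqlite3_bind_* family in C); the table, column and function names and the sample file names are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory table; schema and rows are hypothetical sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links (gfid TEXT, fname TEXT, flags INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO links (gfid, fname) VALUES (?, ?)",
                   [("g1", "a.txt"), ("g2", "b.txt"), ("g3", "it's.txt")])
    return db

def update_flags_formatted(db, flags, fname):
    # Pattern described in the comment: the file name is substituted into the
    # query text, at the very end of the statement.
    query = "UPDATE links SET flags = %d WHERE fname = '%s'" % (flags, fname)
    return db.execute(query).rowcount

def update_flags_bound(db, flags, fname):
    # The file name travels as a bound value and is never parsed as SQL.
    cur = db.execute("UPDATE links SET flags = ? WHERE fname = ?", (flags, fname))
    return cur.rowcount

def flagged(db):
    rows = db.execute("SELECT fname FROM links WHERE flags != 0 ORDER BY fname")
    return [r[0] for r in rows]

# Constructed file name whose quote character rewrites the WHERE clause.
HOSTILE = "x' OR '1'='1"

def demo():
    results = {}
    # Formatted query: the predicate becomes always-true, every row is updated.
    results["formatted_hostile_rows"] = update_flags_formatted(make_db(), 1, HOSTILE)
    # Bound query: the same name simply matches no file.
    results["bound_hostile_rows"] = update_flags_bound(make_db(), 1, HOSTILE)
    # A legitimate name containing an apostrophe breaks the formatted query.
    try:
        update_flags_formatted(make_db(), 1, "it's.txt")
        results["formatted_quote"] = "ok"
    except sqlite3.OperationalError:
        results["formatted_quote"] = "syntax error"
    # The bound query updates exactly that one file.
    db = make_db()
    results["bound_quote_rows"] = update_flags_bound(db, 1, "it's.txt")
    results["bound_quote_flagged"] = flagged(db)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
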

