[Bugs] [Bug 1319740] Tiering is not resistant to SQL-injection

bugzilla at redhat.com bugzilla at redhat.com
Mon Mar 21 14:36:13 UTC 2016


https://bugzilla.redhat.com/show_bug.cgi?id=1319740



--- Comment #3 from Jeff Darcy <jdarcy at redhat.com> ---
(In reply to Jeff Darcy from comment #2)
> A quick scan found three places where we construct query strings using
> variants of sprintf instead of sqlite3_bind_*.  Of those, by far the most
> suspicious is gf_sql_update_link_flags, which is the only one where we
> string-substitute a file name.  Furthermore, the file name is at the very
> end of the query string, which makes it easier to create a syntactically
> correct but malicious result.  Clearly, sqlite_escape_string needs to be
> used here, but there might be other changes necessary to handle the
> resulting filename correctly in other parts of the code.

I meant to say the moral equivalent of sqlite_escape_string, since that's a PHP
function.

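As an added illustration (not GlusterFS code; the `files` table, its columns and the sample paths are made up), the sprintf-style query construction the comment describes beside its sqlite3_bind_* equivalent, using Python's stdlib sqlite3 module as a stand-in for the C API. It shows both failure modes named above: a file name containing a quote breaks the statement, and a file name placed at the end of the query can rewrite the WHERE clause.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the tiering metadata database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (path TEXT PRIMARY KEY, link_flag INTEGER)")
    conn.executemany("INSERT INTO files VALUES (?, ?)",
                     [("/a.txt", 0), ("/b.txt", 0), ("/it's.txt", 0)])
    conn.commit()
    return conn


def update_link_flag_unsafe(conn, path, flag):
    """Mirrors the sprintf pattern: the file name is pasted into the SQL text."""
    sql = "UPDATE files SET link_flag = %d WHERE path = '%s'" % (flag, path)
    return conn.execute(sql).rowcount


def update_link_flag_safe(conn, path, flag):
    """The sqlite3_bind_* equivalent: placeholders in the text, values bound apart."""
    sql = "UPDATE files SET link_flag = ? WHERE path = ?"
    return conn.execute(sql, (flag, path)).rowcount


def demo():
    """Run both variants on a quoted file name and on a constructed hostile one."""
    results = {}
    conn = make_db()
    try:
        # The apostrophe terminates the string literal early: syntax error.
        update_link_flag_unsafe(conn, "/it's.txt", 1)
        results["unsafe_quote"] = "ok"
    except sqlite3.OperationalError:
        results["unsafe_quote"] = "syntax error"
    # Constructed input: still a syntactically valid UPDATE, but it touches every row.
    results["unsafe_injected_rows"] = update_link_flag_unsafe(conn, "x' OR '1'='1", 1)

    conn = make_db()
    # With binding the quote is just data and the hostile name matches nothing.
    results["safe_quote_rows"] = update_link_flag_safe(conn, "/it's.txt", 1)
    results["safe_injected_rows"] = update_link_flag_safe(conn, "x' OR '1'='1", 1)
    return results


if __name__ == "__main__":
    print(demo())
```

Once values are bound rather than formatted into the query text, no escaping helper is needed for the file name at all.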