Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Alexandre Rostovtsev (tetromino)" <tetromino@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in x11-misc/colord/files: colord-0.1.14-sql-injections-2.patch colord-0.1.14-sql-injections.patch
Date: Fri, 25 Nov 2011 18:15:38
Message-Id: 20111125181524.17E5A2004C@flycatcher.gentoo.org
1 tetromino 11/11/25 18:15:24
2
3 Added: colord-0.1.14-sql-injections-2.patch
4 colord-0.1.14-sql-injections.patch
5 Log:
6 Add patches to fix SQL injections (bug #391879, thanks to Agostino Sarubbo for reporting). Allow building against freebsd's libusb (bug #387959, thanks to Naohiro Aota). Drop old versions.
7
8 (Portage version: 2.2.0_alpha77/cvs/Linux x86_64)
9
10 Revision Changes Path
11 1.1 x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch?rev=1.1&content-type=text/plain
15
16 Index: colord-0.1.14-sql-injections-2.patch
17 ===================================================================
18 From 36549e0ed255e7dfa7852d08a75dd5f00cbd270e Mon Sep 17 00:00:00 2001
19 From: Ludwig Nussel <ludwig.nussel@××××.de>
20 Date: Fri, 25 Nov 2011 11:14:21 +0100
21 Subject: [PATCH] fix more sql injections
22
23 https://bugs.freedesktop.org/show_bug.cgi?id=42904
24
25 Signed-off-by: Richard Hughes <richard@×××××××.com>
26 ---
27 src/cd-device-db.c | 42 +++++++++++++++++++++---------------------
28 1 files changed, 21 insertions(+), 21 deletions(-)
29
30 diff --git a/src/cd-device-db.c b/src/cd-device-db.c
31 index 808a338..e69fa64 100644
32 --- a/src/cd-device-db.c
33 +++ b/src/cd-device-db.c
34 @@ -151,8 +151,8 @@ cd_device_db_add (CdDeviceDb *ddb,
35 g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
36
37 g_debug ("CdDeviceDb: add device %s", device_id);
38 - statement = g_strdup_printf ("INSERT INTO devices (device_id) "
39 - "VALUES ('%s')",
40 + statement = sqlite3_mprintf ("INSERT INTO devices (device_id) "
41 + "VALUES ('%q')",
42 device_id);
43
44 /* insert the entry */
45 @@ -168,7 +168,7 @@ cd_device_db_add (CdDeviceDb *ddb,
46 goto out;
47 }
48 out:
49 - g_free (statement);
50 + sqlite3_free (statement);
51 return ret;
52 }
53
54 @@ -191,9 +191,9 @@ cd_device_db_set_property (CdDeviceDb *ddb,
55 g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
56
57 g_debug ("CdDeviceDb: add device %s [%s=%s]", device_id, property, value);
58 - statement = g_strdup_printf ("INSERT INTO properties (device_id, "
59 + statement = sqlite3_mprintf ("INSERT INTO properties (device_id, "
60 "property, value) "
61 - "VALUES ('%s', '%s', '%s')",
62 + "VALUES ('%q', '%q', '%q')",
63 device_id, property, value);
64
65 /* insert the entry */
66 @@ -209,7 +209,7 @@ cd_device_db_set_property (CdDeviceDb *ddb,
67 goto out;
68 }
69 out:
70 - g_free (statement);
71 + sqlite3_free (statement);
72 return ret;
73 }
74
75 @@ -232,8 +232,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
76
77 /* remove the entry */
78 g_debug ("CdDeviceDb: remove device %s", device_id);
79 - statement1 = g_strdup_printf ("DELETE FROM devices WHERE "
80 - "device_id = '%s';",
81 + statement1 = sqlite3_mprintf ("DELETE FROM devices WHERE "
82 + "device_id = '%q';",
83 device_id);
84 rc = sqlite3_exec (ddb->priv->db, statement1, NULL, NULL, &error_msg);
85 if (rc != SQLITE_OK) {
86 @@ -246,8 +246,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
87 ret = FALSE;
88 goto out;
89 }
90 - statement2 = g_strdup_printf ("DELETE FROM properties WHERE "
91 - "device_id = '%s';",
92 + statement2 = sqlite3_mprintf ("DELETE FROM properties WHERE "
93 + "device_id = '%q';",
94 device_id);
95 rc = sqlite3_exec (ddb->priv->db, statement2, NULL, NULL, &error_msg);
96 if (rc != SQLITE_OK) {
97 @@ -261,8 +261,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
98 goto out;
99 }
100 out:
101 - g_free (statement1);
102 - g_free (statement2);
103 + sqlite3_free (statement1);
104 + sqlite3_free (statement2);
105 return ret;
106 }
107
108 @@ -302,9 +302,9 @@ cd_device_db_get_property (CdDeviceDb *ddb,
109 g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
110
111 g_debug ("CdDeviceDb: get property %s for %s", property, device_id);
112 - statement = g_strdup_printf ("SELECT value FROM properties WHERE "
113 - "device_id = '%s' AND "
114 - "property = '%s' LIMIT 1;",
115 + statement = sqlite3_mprintf ("SELECT value FROM properties WHERE "
116 + "device_id = '%q' AND "
117 + "property = '%q' LIMIT 1;",
118 device_id, property);
119
120 /* remove the entry */
121 @@ -338,7 +338,7 @@ cd_device_db_get_property (CdDeviceDb *ddb,
122 value = g_strdup (g_ptr_array_index (array_tmp, 0));
123 out:
124 g_ptr_array_unref (array_tmp);
125 - g_free (statement);
126 + sqlite3_free (statement);
127 return value;
128 }
129
130 @@ -360,7 +360,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb,
131
132 /* get all the devices */
133 g_debug ("CdDeviceDb: get devices");
134 - statement = g_strdup_printf ("SELECT device_id FROM devices;");
135 + statement = sqlite3_mprintf ("SELECT device_id FROM devices;");
136 array_tmp = g_ptr_array_new_with_free_func (g_free);
137 rc = sqlite3_exec (ddb->priv->db,
138 statement,
139 @@ -381,7 +381,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb,
140 array = g_ptr_array_ref (array_tmp);
141 out:
142 g_ptr_array_unref (array_tmp);
143 - g_free (statement);
144 + sqlite3_free (statement);
145 return array;
146 }
147
148 @@ -404,8 +404,8 @@ cd_device_db_get_properties (CdDeviceDb *ddb,
149
150 /* get all the devices */
151 g_debug ("CdDeviceDb: get properties for device %s", device_id);
152 - statement = g_strdup_printf ("SELECT property FROM properties "
153 - "WHERE device_id = '%s';",
154 + statement = sqlite3_mprintf ("SELECT property FROM properties "
155 + "WHERE device_id = '%q';",
156 device_id);
157 array_tmp = g_ptr_array_new_with_free_func (g_free);
158 rc = sqlite3_exec (ddb->priv->db,
159 @@ -427,7 +427,7 @@ cd_device_db_get_properties (CdDeviceDb *ddb,
160 array = g_ptr_array_ref (array_tmp);
161 out:
162 g_ptr_array_unref (array_tmp);
163 - g_free (statement);
164 + sqlite3_free (statement);
165 return array;
166 }
167
168 --
169 1.7.8.rc3
170
171
172
173
174 1.1 x11-misc/colord/files/colord-0.1.14-sql-injections.patch
175
176 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-misc/colord/files/colord-0.1.14-sql-injections.patch?rev=1.1&view=markup
177 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-misc/colord/files/colord-0.1.14-sql-injections.patch?rev=1.1&content-type=text/plain
178
179 Index: colord-0.1.14-sql-injections.patch
180 ===================================================================
181 From 1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b Mon Sep 17 00:00:00 2001
182 From: Vincent Untz <vuntz@×××××.org>
183 Date: Mon, 14 Nov 2011 10:51:29 +0100
184 Subject: [PATCH] Use sqlite3_mprintf() to avoid SQL injections
185
186 https://bugs.freedesktop.org/show_bug.cgi?id=42904
187
188 Signed-off-by: Richard Hughes <richard@×××××××.com>
189 ---
190 src/cd-mapping-db.c | 36 ++++++++++++++++++------------------
191 1 files changed, 18 insertions(+), 18 deletions(-)
192
193 diff --git a/src/cd-mapping-db.c b/src/cd-mapping-db.c
194 index 6e1f4f3..e59a058 100644
195 --- a/src/cd-mapping-db.c
196 +++ b/src/cd-mapping-db.c
197 @@ -162,8 +162,8 @@ cd_mapping_db_add (CdMappingDb *mdb,
198 g_debug ("CdMappingDb: add %s<=>%s",
199 device_id, profile_id);
200 timestamp = g_get_real_time ();
201 - statement = g_strdup_printf ("INSERT INTO mappings (device, profile, timestamp) "
202 - "VALUES ('%s', '%s', %"G_GINT64_FORMAT")",
203 + statement = sqlite3_mprintf ("INSERT INTO mappings (device, profile, timestamp) "
204 + "VALUES ('%q', '%q', %"G_GINT64_FORMAT")",
205 device_id, profile_id, timestamp);
206
207 /* insert the entry */
208 @@ -179,7 +179,7 @@ cd_mapping_db_add (CdMappingDb *mdb,
209 goto out;
210 }
211 out:
212 - g_free (statement);
213 + sqlite3_free (statement);
214 return ret;
215 }
216 /**
217 @@ -203,8 +203,8 @@ cd_mapping_db_update_timestamp (CdMappingDb *mdb,
218 g_debug ("CdMappingDb: update timestamp %s<=>%s",
219 device_id, profile_id);
220 timestamp = g_get_real_time ();
221 - statement = g_strdup_printf ("UPDATE mappings SET timestamp = %"G_GINT64_FORMAT
222 - " WHERE device = '%s' AND profile = '%s';",
223 + statement = sqlite3_mprintf ("UPDATE mappings SET timestamp = %"G_GINT64_FORMAT
224 + " WHERE device = '%q' AND profile = '%q';",
225 timestamp, device_id, profile_id);
226
227 /* update the entry */
228 @@ -220,7 +220,7 @@ cd_mapping_db_update_timestamp (CdMappingDb *mdb,
229 goto out;
230 }
231 out:
232 - g_free (statement);
233 + sqlite3_free (statement);
234 return ret;
235 }
236
237 @@ -242,8 +242,8 @@ cd_mapping_db_remove (CdMappingDb *mdb,
238 g_return_val_if_fail (mdb->priv->db != NULL, FALSE);
239
240 g_debug ("CdMappingDb: remove %s<=>%s", device_id, profile_id);
241 - statement = g_strdup_printf ("DELETE FROM mappings WHERE "
242 - "device = '%s' AND profile = '%s';",
243 + statement = sqlite3_mprintf ("DELETE FROM mappings WHERE "
244 + "device = '%q' AND profile = '%q';",
245 device_id, profile_id);
246
247 /* remove the entry */
248 @@ -259,7 +259,7 @@ cd_mapping_db_remove (CdMappingDb *mdb,
249 goto out;
250 }
251 out:
252 - g_free (statement);
253 + sqlite3_free (statement);
254 return ret;
255 }
256
257 @@ -301,8 +301,8 @@ cd_mapping_db_get_profiles (CdMappingDb *mdb,
258 g_return_val_if_fail (mdb->priv->db != NULL, FALSE);
259
260 g_debug ("CdMappingDb: get profiles for %s", device_id);
261 - statement = g_strdup_printf ("SELECT profile FROM mappings WHERE "
262 - "device = '%s' ORDER BY timestamp ASC;", device_id);
263 + statement = sqlite3_mprintf ("SELECT profile FROM mappings WHERE "
264 + "device = '%q' ORDER BY timestamp ASC;", device_id);
265
266 /* remove the entry */
267 array_tmp = g_ptr_array_new_with_free_func (g_free);
268 @@ -325,7 +325,7 @@ cd_mapping_db_get_profiles (CdMappingDb *mdb,
269 array = g_ptr_array_ref (array_tmp);
270 out:
271 g_ptr_array_unref (array_tmp);
272 - g_free (statement);
273 + sqlite3_free (statement);
274 return array;
275 }
276
277 @@ -350,8 +350,8 @@ cd_mapping_db_get_devices (CdMappingDb *mdb,
278 g_return_val_if_fail (mdb->priv->db != NULL, FALSE);
279
280 g_debug ("CdMappingDb: get devices for %s", profile_id);
281 - statement = g_strdup_printf ("SELECT device FROM mappings WHERE "
282 - "profile = '%s' ORDER BY timestamp ASC;", profile_id);
283 + statement = sqlite3_mprintf ("SELECT device FROM mappings WHERE "
284 + "profile = '%q' ORDER BY timestamp ASC;", profile_id);
285
286 /* remove the entry */
287 array_tmp = g_ptr_array_new_with_free_func (g_free);
288 @@ -374,7 +374,7 @@ cd_mapping_db_get_devices (CdMappingDb *mdb,
289 array = g_ptr_array_ref (array_tmp);
290 out:
291 g_ptr_array_unref (array_tmp);
292 - g_free (statement);
293 + sqlite3_free (statement);
294 return array;
295 }
296
297 @@ -416,8 +416,8 @@ cd_mapping_db_get_timestamp (CdMappingDb *mdb,
298
299 g_debug ("CdMappingDb: get checksum for %s<->%s",
300 device_id, profile_id);
301 - statement = g_strdup_printf ("SELECT timestamp FROM mappings WHERE "
302 - "device = '%s' AND profile = '%s' "
303 + statement = sqlite3_mprintf ("SELECT timestamp FROM mappings WHERE "
304 + "device = '%q' AND profile = '%q' "
305 "LIMIT 1;", device_id, profile_id);
306
307 /* query the checksum */
308 @@ -436,7 +436,7 @@ cd_mapping_db_get_timestamp (CdMappingDb *mdb,
309 goto out;
310 }
311 out:
312 - g_free (statement);
313 + sqlite3_free (statement);
314 return timestamp;
315 }
316
317 --
318 1.7.8.rc3
Report Message
Find on MARC Find on Google Groups