prevent sql injection by using sqlite formatter on various code that generates sql stmts with switch_snprintf
This commit is contained in:
Anthony Minessale
parent
cbfe83cc8f
commit
256a6264d4
|
|
@ -4078,11 +4078,11 @@ SWITCH_STANDARD_API(show_function)
|
|||
holder.print_title = 0;
|
||||
if ((cmdname = strchr(command, ' ')) && strcasecmp(cmdname, "as")) {
|
||||
*cmdname++ = '\0';
|
||||
switch_snprintf(sql, sizeof(sql) - 1,
|
||||
"select name, syntax, description, ikey from interfaces where hostname='%s' and type = 'api' and name = '%s' order by name",
|
||||
switch_snprintfv(sql, sizeof(sql),
|
||||
"select name, syntax, description, ikey from interfaces where hostname='%s' and type = 'api' and name = '%q' order by name",
|
||||
hostname, cmdname);
|
||||
} else {
|
||||
switch_snprintf(sql, sizeof(sql) - 1, "select name, syntax, description, ikey from interfaces where hostname='%s' and type = 'api' order by name", hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "select name, syntax, description, ikey from interfaces where hostname='%q' and type = 'api' order by name", hostname);
|
||||
}
|
||||
} else if (!strcasecmp(command, "nat_map")) {
|
||||
switch_snprintf(sql, sizeof(sql) - 1,
|
||||
|
|
|
|||
|
|
@ -2016,10 +2016,10 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p
|
|||
"username='%s' and domain='%s' and flags='save'",
|
||||
(long) switch_epoch_time_now(NULL), myid, domain_name);
|
||||
vm_execute_sql(profile, sql, profile->mutex);
|
||||
switch_snprintf(sql, sizeof(sql), "select file_path from voicemail_msgs where username='%s' and domain='%s' and flags='delete'", myid,
|
||||
switch_snprintfv(sql, sizeof(sql), "select file_path from voicemail_msgs where username='%q' and domain='%q' and flags='delete'", myid,
|
||||
domain_name);
|
||||
vm_execute_sql_callback(profile, profile->mutex, sql, unlink_callback, NULL);
|
||||
switch_snprintf(sql, sizeof(sql), "delete from voicemail_msgs where username='%s' and domain='%s' and flags='delete'", myid, domain_name);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from voicemail_msgs where username='%q' and domain='%q' and flags='delete'", myid, domain_name);
|
||||
vm_execute_sql(profile, sql, profile->mutex);
|
||||
vm_check_state = VM_CHECK_FOLDER_SUMMARY;
|
||||
|
||||
|
|
@ -2305,7 +2305,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p
|
|||
}
|
||||
|
||||
thepass = thehash = NULL;
|
||||
switch_snprintf(sql, sizeof(sql), "select * from voicemail_prefs where username='%s' and domain='%s'", myid, domain_name);
|
||||
switch_snprintfv(sql, sizeof(sql), "select * from voicemail_prefs where username='%q' and domain='%q'", myid, domain_name);
|
||||
vm_execute_sql_callback(profile, profile->mutex, sql, prefs_callback, &cbt);
|
||||
|
||||
x_params = switch_xml_child(x_user, "variables");
|
||||
|
|
@ -3225,7 +3225,7 @@ static switch_status_t voicemail_leave_main(switch_core_session_t *session, vm_p
|
|||
goto end;
|
||||
}
|
||||
|
||||
switch_snprintf(sql, sizeof(sql), "select * from voicemail_prefs where username='%s' and domain='%s'", id, domain_name);
|
||||
switch_snprintfv(sql, sizeof(sql), "select * from voicemail_prefs where username='%q' and domain='%q'", id, domain_name);
|
||||
vm_execute_sql_callback(profile, profile->mutex, sql, prefs_callback, &cbt);
|
||||
|
||||
if (!vm_ext) {
|
||||
|
|
@ -3327,7 +3327,7 @@ static switch_status_t voicemail_leave_main(switch_core_session_t *session, vm_p
|
|||
callback.buf = disk_usage;
|
||||
callback.len = sizeof(disk_usage);
|
||||
|
||||
switch_snprintf(sqlstmt, sizeof(sqlstmt), "select sum(message_len) from voicemail_msgs where username='%s' and domain='%s'", id, domain_name);
|
||||
switch_snprintfv(sqlstmt, sizeof(sqlstmt), "select sum(message_len) from voicemail_msgs where username='%q' and domain='%q'", id, domain_name);
|
||||
vm_execute_sql_callback(profile, profile->mutex, sqlstmt, sql2str_callback, &callback);
|
||||
|
||||
if (atoi(disk_usage) >= disk_quota) {
|
||||
|
|
@ -3633,7 +3633,7 @@ SWITCH_STANDARD_API(prefs_api_function)
|
|||
|
||||
}
|
||||
|
||||
switch_snprintf(sql, sizeof(sql), "select * from voicemail_prefs where username='%s' and domain='%s'", id, domain);
|
||||
switch_snprintfv(sql, sizeof(sql), "select * from voicemail_prefs where username='%q' and domain='%q'", id, domain);
|
||||
vm_execute_sql_callback(profile, profile->mutex, sql, prefs_callback, &cbt);
|
||||
|
||||
if (!strcasecmp(how, "greeting_path")) {
|
||||
|
|
|
|||
|
|
@ -676,10 +676,10 @@ void sofia_reg_check_expire(sofia_profile_t *profile, time_t now, int reboot)
|
|||
|
||||
sofia_glue_execute_sql_callback(profile, NULL, sql, sofia_reg_del_callback, profile);
|
||||
if (now) {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_registrations where expires > 0 and expires <= %ld and hostname='%s'",
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_registrations where expires > 0 and expires <= %ld and hostname='%q'",
|
||||
(long) now, mod_sofia_globals.hostname);
|
||||
} else {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_registrations where expires > 0 and hostname='%s'", mod_sofia_globals.hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_registrations where expires > 0 and hostname='%q'", mod_sofia_globals.hostname);
|
||||
}
|
||||
|
||||
sofia_glue_actually_execute_sql(profile, sql, NULL);
|
||||
|
|
@ -687,11 +687,11 @@ void sofia_reg_check_expire(sofia_profile_t *profile, time_t now, int reboot)
|
|||
|
||||
|
||||
if (now) {
|
||||
switch_snprintf(sql, sizeof(sql), "select call_id from sip_shared_appearance_dialogs where hostname='%s' "
|
||||
switch_snprintfv(sql, sizeof(sql), "select call_id from sip_shared_appearance_dialogs where hostname='%q' "
|
||||
"and profile_name='%s' and expires <= %ld", mod_sofia_globals.hostname, profile->name, (long) now);
|
||||
|
||||
sofia_glue_execute_sql_callback(profile, NULL, sql, sofia_sla_dialog_del_callback, profile);
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_shared_appearance_dialogs where expires > 0 and hostname='%s' and expires <= %ld",
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_shared_appearance_dialogs where expires > 0 and hostname='%q' and expires <= %ld",
|
||||
mod_sofia_globals.hostname, (long) now);
|
||||
|
||||
|
||||
|
|
@ -700,19 +700,19 @@ void sofia_reg_check_expire(sofia_profile_t *profile, time_t now, int reboot)
|
|||
|
||||
|
||||
if (now) {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_presence where expires > 0 and expires <= %ld and hostname='%s'",
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_presence where expires > 0 and expires <= %ld and hostname='%q'",
|
||||
(long) now, mod_sofia_globals.hostname);
|
||||
} else {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_presence where expires > 0 and hostname='%s'", mod_sofia_globals.hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_presence where expires > 0 and hostname='%q'", mod_sofia_globals.hostname);
|
||||
}
|
||||
|
||||
sofia_glue_actually_execute_sql(profile, sql, NULL);
|
||||
|
||||
if (now) {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_authentication where expires > 0 and expires <= %ld and hostname='%s'",
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_authentication where expires > 0 and expires <= %ld and hostname='%q'",
|
||||
(long) now, mod_sofia_globals.hostname);
|
||||
} else {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_authentication where expires > 0 and hostname='%s'", mod_sofia_globals.hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_authentication where expires > 0 and hostname='%q'", mod_sofia_globals.hostname);
|
||||
}
|
||||
|
||||
sofia_glue_actually_execute_sql(profile, sql, NULL);
|
||||
|
|
@ -722,27 +722,27 @@ void sofia_reg_check_expire(sofia_profile_t *profile, time_t now, int reboot)
|
|||
"select call_id from sip_subscriptions where (expires = -1 or (expires > 0 and expires <= %ld)) and hostname='%s'", (long) now,
|
||||
mod_sofia_globals.hostname);
|
||||
} else {
|
||||
switch_snprintf(sql, sizeof(sql), "select sub_to_user,sub_to_host,call_id from sip_subscriptions where expires >= -1 and hostname='%s'",
|
||||
switch_snprintfv(sql, sizeof(sql), "select sub_to_user,sub_to_host,call_id from sip_subscriptions where expires >= -1 and hostname='%q'",
|
||||
mod_sofia_globals.hostname);
|
||||
}
|
||||
|
||||
sofia_glue_execute_sql_callback(profile, NULL, sql, sofia_sub_del_callback, profile);
|
||||
|
||||
if (now) {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_subscriptions where (expires = -1 or (expires > 0 and expires <= %ld)) and hostname='%s'",
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_subscriptions where (expires = -1 or (expires > 0 and expires <= %ld)) and hostname='%q'",
|
||||
(long) now, mod_sofia_globals.hostname);
|
||||
} else {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_subscriptions where expires >= -1 and hostname='%s'", mod_sofia_globals.hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_subscriptions where expires >= -1 and hostname='%q'", mod_sofia_globals.hostname);
|
||||
}
|
||||
|
||||
sofia_glue_actually_execute_sql(profile, sql, NULL);
|
||||
|
||||
|
||||
if (now) {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_dialogs where (expires = -1 or (expires > 0 and expires <= %ld)) and hostname='%s'",
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_dialogs where (expires = -1 or (expires > 0 and expires <= %ld)) and hostname='%q'",
|
||||
(long) now, mod_sofia_globals.hostname);
|
||||
} else {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_dialogs where expires >= -1 and hostname='%s'", mod_sofia_globals.hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_dialogs where expires >= -1 and hostname='%q'", mod_sofia_globals.hostname);
|
||||
}
|
||||
|
||||
sofia_glue_actually_execute_sql(profile, sql, NULL);
|
||||
|
|
@ -833,24 +833,24 @@ void sofia_reg_check_sync(sofia_profile_t *profile)
|
|||
|
||||
|
||||
sofia_glue_execute_sql_callback(profile, NULL, sql, sofia_reg_del_callback, profile);
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_registrations where expires > 0 and hostname='%s'", mod_sofia_globals.hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_registrations where expires > 0 and hostname='%q'", mod_sofia_globals.hostname);
|
||||
sofia_glue_actually_execute_sql(profile, sql, NULL);
|
||||
|
||||
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_presence where expires > 0 and hostname='%s'", mod_sofia_globals.hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_presence where expires > 0 and hostname='%q'", mod_sofia_globals.hostname);
|
||||
sofia_glue_actually_execute_sql(profile, sql, NULL);
|
||||
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_authentication where expires > 0 and hostname='%s'", mod_sofia_globals.hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_authentication where expires > 0 and hostname='%q'", mod_sofia_globals.hostname);
|
||||
sofia_glue_actually_execute_sql(profile, sql, NULL);
|
||||
|
||||
switch_snprintf(sql, sizeof(sql), "select sub_to_user,sub_to_host,call_id from sip_subscriptions where expires >= -1 and hostname='%s'",
|
||||
switch_snprintfv(sql, sizeof(sql), "select sub_to_user,sub_to_host,call_id from sip_subscriptions where expires >= -1 and hostname='%q'",
|
||||
mod_sofia_globals.hostname);
|
||||
sofia_glue_execute_sql_callback(profile, NULL, sql, sofia_sub_del_callback, profile);
|
||||
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_subscriptions where expires >= -1 and hostname='%s'", mod_sofia_globals.hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_subscriptions where expires >= -1 and hostname='%q'", mod_sofia_globals.hostname);
|
||||
sofia_glue_actually_execute_sql(profile, sql, NULL);
|
||||
|
||||
switch_snprintf(sql, sizeof(sql), "delete from sip_dialogs where expires >= -1 and hostname='%s'", mod_sofia_globals.hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from sip_dialogs where expires >= -1 and hostname='%q'", mod_sofia_globals.hostname);
|
||||
sofia_glue_actually_execute_sql(profile, sql, NULL);
|
||||
|
||||
switch_mutex_unlock(profile->ireg_mutex);
|
||||
|
|
@ -871,10 +871,10 @@ char *sofia_reg_find_reg_url(sofia_profile_t *profile, const char *user, const c
|
|||
cbt.len = len;
|
||||
|
||||
if (host) {
|
||||
switch_snprintf(sql, sizeof(sql), "select contact from sip_registrations where sip_user='%s' and (sip_host='%s' or presence_hosts like '%%%s%%')",
|
||||
switch_snprintfv(sql, sizeof(sql), "select contact from sip_registrations where sip_user='%q' and (sip_host='%q' or presence_hosts like '%%%q%%')",
|
||||
user, host, host);
|
||||
} else {
|
||||
switch_snprintf(sql, sizeof(sql), "select contact from sip_registrations where sip_user='%s'", user);
|
||||
switch_snprintfv(sql, sizeof(sql), "select contact from sip_registrations where sip_user='%q'", user);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -900,10 +900,10 @@ switch_console_callback_match_t *sofia_reg_find_reg_url_multi(sofia_profile_t *p
|
|||
}
|
||||
|
||||
if (host) {
|
||||
switch_snprintf(sql, sizeof(sql), "select contact from sip_registrations where sip_user='%s' and (sip_host='%s' or presence_hosts like '%%%s%%')",
|
||||
switch_snprintfv(sql, sizeof(sql), "select contact from sip_registrations where sip_user='%q' and (sip_host='%q' or presence_hosts like '%%%q%%')",
|
||||
user, host, host);
|
||||
} else {
|
||||
switch_snprintf(sql, sizeof(sql), "select contact from sip_registrations where sip_user='%s'", user);
|
||||
switch_snprintfv(sql, sizeof(sql), "select contact from sip_registrations where sip_user='%q'", user);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -924,10 +924,10 @@ switch_console_callback_match_t *sofia_reg_find_reg_url_with_positive_expires_mu
|
|||
}
|
||||
|
||||
if (host) {
|
||||
switch_snprintf(sql, sizeof(sql), "select contact,expires from sip_registrations where sip_user='%s' and (sip_host='%s' or presence_hosts like '%%%s%%')",
|
||||
switch_snprintfv(sql, sizeof(sql), "select contact,expires from sip_registrations where sip_user='%q' and (sip_host='%q' or presence_hosts like '%%%q%%')",
|
||||
user, host, host);
|
||||
} else {
|
||||
switch_snprintf(sql, sizeof(sql), "select contact,expires from sip_registrations where sip_user='%s'", user);
|
||||
switch_snprintfv(sql, sizeof(sql), "select contact,expires from sip_registrations where sip_user='%q'", user);
|
||||
}
|
||||
|
||||
sofia_glue_execute_sql_callback(profile, profile->ireg_mutex, sql, sofia_reg_find_reg_with_positive_expires_callback, &cbt);
|
||||
|
|
|
|||
|
|
@ -733,7 +733,7 @@ SWITCH_DECLARE(switch_status_t) switch_cache_db_persistant_execute_trans(switch_
|
|||
|
||||
if ((result = switch_odbc_SQLSetAutoCommitAttr(dbh->native_handle.odbc_dbh, 0)) != SWITCH_ODBC_SUCCESS) {
|
||||
char tmp[100];
|
||||
switch_snprintf(tmp, sizeof(tmp), "%s-%i", "Unable to Set AutoCommit Off", result);
|
||||
switch_snprintfv(tmp, sizeof(tmp), "%q-%i", "Unable to Set AutoCommit Off", result);
|
||||
errmsg = strdup(tmp);
|
||||
}
|
||||
}
|
||||
|
|
@ -1144,7 +1144,7 @@ static char *parse_presence_data_cols(switch_event_t *event)
|
|||
SWITCH_STANDARD_STREAM(stream);
|
||||
|
||||
for (i = 0; i < col_count; i++) {
|
||||
switch_snprintf(col_name, sizeof(col_name), "variable_%s", cols[i]);
|
||||
switch_snprintfv(col_name, sizeof(col_name), "variable_%q", cols[i]);
|
||||
stream.write_function(&stream, "%q='%q',", cols[i], switch_event_get_header_nil(event, col_name));
|
||||
}
|
||||
|
||||
|
|
@ -1906,7 +1906,7 @@ switch_status_t switch_core_sqldb_start(switch_memory_pool_t *pool, switch_bool_
|
|||
const char *hostname = switch_core_get_switchname();
|
||||
|
||||
for (i = 0; tables[i]; i++) {
|
||||
switch_snprintf(sql, sizeof(sql), "delete from %s where hostname='%s'", tables[i], hostname);
|
||||
switch_snprintfv(sql, sizeof(sql), "delete from %q where hostname='%q'", tables[i], hostname);
|
||||
switch_cache_db_execute_sql(dbh, sql, NULL);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue