From 0608ae73a9c55993d4c32d277420704e9e515b6d Mon Sep 17 00:00:00 2001
From: Dan Scott
Date: Wed, 16 Jan 2013 15:18:27 -0500
Subject: [PATCH] Revert security fixes that did not pull in previous changes The 2.1.5 tarball contained many other commits in between 2.1.3a and 2.1.5, so the rel_2_1 branch didn't reflect what was in the tarball. Revert, so that we can push tags/rel_2_1_5 to rel_2_1 and have an accurate reflection of the release tarball and current state of the release.
Signed-off-by: Dan Scott
---
 Open-ILS/src/c-apps/oils_sql.c | 72 ++----------------------------------------
 1 file changed, 3 insertions(+), 69 deletions(-)
diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index d611439bcf..2f19ddb48e 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -143,8 +143,6 @@ static int perm_at_threshold = 5;
 static int enforce_pcrud = 0; // Boolean
 static char* modulename = NULL;
-static char* _sanitize_savepoint_name( const char* sp );
-
 /**
 @brief Connect to the database.
 @return A database connection if successful, or NULL if not.
@@ -875,15 +873,7 @@ int setSavepoint( osrfMethodContext* ctx ) {
 // Get the savepoint name from the method params
 const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
- if (!spName) {
- osrfLogWarning(OSRF_LOG_MARK, "savepoint.set called with no name");
- return -1;
- }
-
- char *safeSpName = _sanitize_savepoint_name( spName );
-
- dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", safeSpName );
- free( safeSpName );
+ dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", spName );
 if( !result ) {
 const char* msg;
 int errnum = dbi_conn_error( writehandle, &msg );
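Review bot: On the new side of the setSavepoint hunk, `spName` comes from `ctx->params` and is formatted directly into `"SAVEPOINT \"%s\";"`, so the statement text is once again built from a caller-supplied name with no escaping; the releaseSavepoint and rollbackSavepoint hunks have the same pattern. The removed `if (!spName)` guard also suggests the value can be NULL, which would then be handed to `%s`. The description frames this as a transitional state until tags/rel_2_1_5 is pushed to rel_2_1, so nothing should be built or deployed from this commit on its own. If the revert has to stand alone for any length of time, keep the `if (!spName) { ... return -1; }` guard and the `_sanitize_savepoint_name( spName )` call in all three functions. The three function bodies start and end outside their hunks.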
@@ -954,15 +944,7 @@ int releaseSavepoint( osrfMethodContext* ctx ) {
 // Get the savepoint name from the method params
 const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
- if (!spName) {
- osrfLogWarning(OSRF_LOG_MARK, "savepoint.release called with no name");
- return -1;
- }
-
- char *safeSpName = _sanitize_savepoint_name( spName );
-
- dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", safeSpName );
- free( safeSpName );
+ dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", spName );
 if( !result ) {
 const char* msg;
 int errnum = dbi_conn_error( writehandle, &msg );
@@ -1033,15 +1015,7 @@ int rollbackSavepoint( osrfMethodContext* ctx ) {
 // Get the savepoint name from the method params
 const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
- if (!spName) {
- osrfLogWarning(OSRF_LOG_MARK, "savepoint.rollback called with no name");
- return -1;
- }
-
- char *safeSpName = _sanitize_savepoint_name( spName );
-
- dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", safeSpName );
- free( safeSpName );
+ dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", spName );
 if( !result ) {
 const char* msg;
 int errnum = dbi_conn_error( writehandle, &msg );
@@ -7048,44 +7022,4 @@ static void clear_query_stack( void ) {
 pop_query_frame();
 }
-/**
- @brief Remove all but safe character from savepoint name
- @param sp User-supplied savepoint name
- @return sanitized savepoint name, or NULL
-
- The caller is expected to free the returned string. Note that
- this function exists only because we can't use PQescapeLiteral
- without either forking libdbi or abandoning it.
-*/
-static char* _sanitize_savepoint_name( const char* sp ) {
-
- const char* safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345789_";
-
- // PostgreSQL uses NAMEDATALEN-1 as a max length for identifiers,
- // and the default value of NAMEDATALEN is 64; that should be long enough
- // for our purposes, and it's unlikely that anyone is going to recompile
- // PostgreSQL to have a smaller value, so cap the identifier name
- // accordingly to avoid the remote chance that someone manages to pass in a
- // 12GB savepoint name
- const int MAX_LITERAL_NAMELEN = 63;
- int len = 0;
- len = strlen( sp );
- if (len > MAX_LITERAL_NAMELEN) {
- len = MAX_LITERAL_NAMELEN;
- }
-
- char* safeSpName = safe_malloc( len + 1 );
- int i = 0;
- int j;
- char* found;
- for (j = 0; j < len; j++) {
- found = strchr(safe_chars, sp[j]);
- if (found) {
- safeSpName[ i++ ] = found[0];
- }
- }
- safeSpName[ i ] = '\0';
- return safeSpName;
-}
-
 /*@}*/
--
2.11.0