| |
@@ -0,0 +1,82 @@
|
| |
+ From 37f2e0f0658d78a1496dc277f402f8b577ce6aae Mon Sep 17 00:00:00 2001
|
| |
+ From: Klaus Espenlaub <klaus@espenlaub.com>
|
| |
+ Date: Tue, 8 Feb 2022 20:34:40 +0000
|
| |
+ Subject: [PATCH] CVE-2022-24407 Escape password for SQL insert/update
|
| |
+ commands.
|
| |
+
|
| |
+ Signed-off-by: Klaus Espenlaub <klaus@espenlaub.com>
|
| |
+ ---
|
| |
+ plugins/sql.c | 26 +++++++++++++++++++++++---
|
| |
+ 1 file changed, 23 insertions(+), 3 deletions(-)
|
| |
+
|
| |
+ diff --git a/plugins/sql.c b/plugins/sql.c
|
| |
+ index 31b54a78..6ac81c2f 100644
|
| |
+ --- a/plugins/sql.c
|
| |
+ +++ b/plugins/sql.c
|
| |
+ @@ -1151,6 +1151,7 @@ static int sql_auxprop_store(void *glob_context,
|
| |
+ char *statement = NULL;
|
| |
+ char *escap_userid = NULL;
|
| |
+ char *escap_realm = NULL;
|
| |
+ + char *escap_passwd = NULL;
|
| |
+ const char *cmd;
|
| |
+
|
| |
+ sql_settings_t *settings;
|
| |
+ @@ -1222,6 +1223,11 @@ static int sql_auxprop_store(void *glob_context,
|
| |
+ "Unable to begin transaction\n");
|
| |
+ }
|
| |
+ for (cur = to_store; ret == SASL_OK && cur->name; cur++) {
|
| |
+ + /* Free the buffer, current content is from previous loop. */
|
| |
+ + if (escap_passwd) {
|
| |
+ + sparams->utils->free(escap_passwd);
|
| |
+ + escap_passwd = NULL;
|
| |
+ + }
|
| |
+
|
| |
+ if (cur->name[0] == '*') {
|
| |
+ continue;
|
| |
+ @@ -1243,19 +1249,32 @@ static int sql_auxprop_store(void *glob_context,
|
| |
+ }
|
| |
+ sparams->utils->free(statement);
|
| |
+
|
| |
+ + if (cur->values[0]) {
|
| |
+ + escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1);
|
| |
+ + if (!escap_passwd) {
|
| |
+ + ret = SASL_NOMEM;
|
| |
+ + break;
|
| |
+ + }
|
| |
+ + settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]);
|
| |
+ + }
|
| |
+ +
|
| |
+ /* create a statement that we will use */
|
| |
+ statement = sql_create_statement(cmd, cur->name, escap_userid,
|
| |
+ escap_realm,
|
| |
+ - cur->values && cur->values[0] ?
|
| |
+ - cur->values[0] : SQL_NULL_VALUE,
|
| |
+ + escap_passwd ?
|
| |
+ + escap_passwd : SQL_NULL_VALUE,
|
| |
+ sparams->utils);
|
| |
+ + if (!statement) {
|
| |
+ + ret = SASL_NOMEM;
|
| |
+ + break;
|
| |
+ + }
|
| |
+
|
| |
+ {
|
| |
+ char *log_statement =
|
| |
+ sql_create_statement(cmd, cur->name,
|
| |
+ escap_userid,
|
| |
+ escap_realm,
|
| |
+ - cur->values && cur->values[0] ?
|
| |
+ + escap_passwd ?
|
| |
+ "<omitted>" : SQL_NULL_VALUE,
|
| |
+ sparams->utils);
|
| |
+ sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
|
| |
+ @@ -1288,6 +1307,7 @@ static int sql_auxprop_store(void *glob_context,
|
| |
+ done:
|
| |
+ if (escap_userid) sparams->utils->free(escap_userid);
|
| |
+ if (escap_realm) sparams->utils->free(escap_realm);
|
| |
+ + if (escap_passwd) sparams->utils->free(escap_passwd);
|
| |
+ if (conn) settings->sql_engine->sql_close(conn);
|
| |
+ if (userid) sparams->utils->free(userid);
|
| |
+ if (realm) sparams->utils->free(realm);
|
| |
+ --
|
| |
+ 2.25.1
|
| |
+
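Review bot: The new `if (cur->values[0])` test in the third hunk of plugins/sql.c dereferences `cur->values` without the NULL check that the removed lines performed (`cur->values && cur->values[0]`). Whether a property can reach sql_auxprop_store with a NULL values array is not visible here, but the old code guarded against it, so the escaping step should keep the guard: `if (cur->values && cur->values[0]) {`. The allocation `strlen(cur->values[0])*2+1` also deserves a comment saying it relies on sql_escape_str writing at most two bytes per input byte plus the terminator, because that contract is defined outside this patch. The body of sql_auxprop_store starts and ends outside the hunks shown.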
|
| |
Align with c8