From 369d6094b0cfa037c955a6c6ada4ec1ad48825e0 Mon Sep 17 00:00:00 2001 From: Dan Langille Date: Wed, 12 Sep 2007 13:52:56 +0000 Subject: [PATCH] Modify db_escape_string() to take both jcr and db. This allows for better escaping of strings. git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@5534 91ce42f0-d328-0410-95d8-f526ca767f89 --- bacula/src/cats/bdb.c | 2 +- bacula/src/cats/mysql.c | 57 ++---------------------------------- bacula/src/cats/postgresql.c | 12 ++++++-- bacula/src/cats/protos.h | 2 +- bacula/src/cats/sql_create.c | 10 +++---- bacula/src/cats/sql_get.c | 4 +-- bacula/src/cats/sqlite.c | 2 +- bacula/src/dird/fd_cmds.c | 2 +- bacula/src/dird/ua_query.c | 2 +- bacula/src/dird/ua_restore.c | 12 ++++---- bacula/src/dird/verify.c | 2 +- bacula/src/tools/dbcheck.c | 8 ++--- bacula/technotes-2.3 | 2 ++ 13 files changed, 37 insertions(+), 80 deletions(-) diff --git a/bacula/src/cats/bdb.c b/bacula/src/cats/bdb.c index 60f57849ea..d9862abab1 100644 --- a/bacula/src/cats/bdb.c +++ b/bacula/src/cats/bdb.c @@ -307,7 +307,7 @@ void db_thread_cleanup() { } -void db_escape_string(char *snew, char *old, int len) +void db_escape_string(JCR *jcr, B_DB *db, char *snew, char *old, int len) { memset(snew, 0, len); bstrncpy(snew, old, len); diff --git a/bacula/src/cats/mysql.c b/bacula/src/cats/mysql.c index 6242fc3753..a84fd502ef 100644 --- a/bacula/src/cats/mysql.c +++ b/bacula/src/cats/mysql.c @@ -295,62 +295,9 @@ int db_next_index(JCR *jcr, B_DB *mdb, char *table, char *index) * the escaped output. */ void -db_escape_string(char *snew, char *old, int len) +db_escape_string(JCR *jcr, B_DB *db, char *snew, char *old, int len) { - mysql_escape_string(snew, old, len); - -#ifdef xDO_IT_MYSELF - -/* Should use mysql_real_escape_string ! */ -unsigned long mysql_real_escape_string(MYSQL *mysql, char *to, const char *from, unsigned long length); - - char *n, *o; - - n = snew; - o = old; - while (len--) { - switch (*o) { - case 0: - *n++= '\\'; - *n++= '0'; - o++; - break; - case '\n': - *n++= '\\'; - *n++= 'n'; - o++; - break; - case '\r': - *n++= '\\'; - *n++= 'r'; - o++; - break; - case '\\': - *n++= '\\'; - *n++= '\\'; - o++; - break; - case '\'': - *n++= '\\'; - *n++= '\''; - o++; - break; - case '"': - *n++= '\\'; - *n++= '"'; - o++; - break; - case '\032': - *n++= '\\'; - *n++= 'Z'; - o++; - break; - default: - *n++= *o++; - } - } - *n = 0; -#endif + mysql_real_escape_string(jcr->db, snew, old, len); } /* diff --git a/bacula/src/cats/postgresql.c b/bacula/src/cats/postgresql.c index ff73a9f9c5..4a0d2d816f 100644 --- a/bacula/src/cats/postgresql.c +++ b/bacula/src/cats/postgresql.c @@ -284,9 +284,17 @@ int db_next_index(JCR *jcr, B_DB *mdb, char *table, char *index) * the escaped output. */ void -db_escape_string(char *snew, char *old, int len) +db_escape_string(JCR *jcr, B_DB *mdb, char *snew, char *old, int len) { - PQescapeString(snew, old, len); + int error; + + PQescapeStringConn(mdb->db, snew, old, len, &error); + if (error) { + Jmsg(jcr, M_FATAL, 0, _("PQescapeStringConn returned non-zero.\n")); + /* error on encoding, probably invalid multibyte encoding in the source string + see PQescapeStringConn documentation for details. */ + Dmsg0(500, "PQescapeStringConn failed\n"); + } } /* diff --git a/bacula/src/cats/protos.h b/bacula/src/cats/protos.h index c554a22744..43f1d98427 100644 --- a/bacula/src/cats/protos.h +++ b/bacula/src/cats/protos.h @@ -46,7 +46,7 @@ B_DB *db_init_database(JCR *jcr, const char *db_name, const char *db_user, const int mult_db_connections); int db_open_database(JCR *jcr, B_DB *db); void db_close_database(JCR *jcr, B_DB *db); -void db_escape_string(char *snew, char *old, int len); +void db_escape_string(JCR *jcr, B_DB *db, char *snew, char *old, int len); char *db_strerror(B_DB *mdb); int db_next_index(JCR *jcr, B_DB *mdb, char *table, char *index); int db_sql_query(B_DB *mdb, const char *cmd, DB_RESULT_HANDLER *result_handler, void *ctx); diff --git a/bacula/src/cats/sql_create.c b/bacula/src/cats/sql_create.c index 95d4afdf85..b3b37726e2 100644 --- a/bacula/src/cats/sql_create.c +++ b/bacula/src/cats/sql_create.c @@ -712,10 +712,10 @@ bool my_batch_insert(JCR *jcr, B_DB *mdb, ATTR_DBR *ar) char ed1[50]; mdb->esc_name = check_pool_memory_size(mdb->esc_name, mdb->fnl*2+1); - db_escape_string(mdb->esc_name, mdb->fname, mdb->fnl); + db_escape_string(jcr, mdb, mdb->esc_name, mdb->fname, mdb->fnl); mdb->esc_path = check_pool_memory_size(mdb->esc_path, mdb->pnl*2+1); - db_escape_string(mdb->esc_path, mdb->path, mdb->pnl); + db_escape_string(jcr, mdb, mdb->esc_path, mdb->path, mdb->pnl); if (ar->Digest == NULL || ar->Digest[0] == 0) { digest = "0"; @@ -994,7 +994,7 @@ static int db_create_path_record(JCR *jcr, B_DB *mdb, ATTR_DBR *ar) int stat; mdb->esc_name = check_pool_memory_size(mdb->esc_name, 2*mdb->pnl+2); - db_escape_string(mdb->esc_name, mdb->path, mdb->pnl); + db_escape_string(jcr, mdb, mdb->esc_name, mdb->path, mdb->pnl); if (mdb->cached_path_id != 0 && mdb->cached_path_len == mdb->pnl && strcmp(mdb->cached_path, mdb->path) == 0) { @@ -1064,8 +1064,8 @@ static int db_create_filename_record(JCR *jcr, B_DB *mdb, ATTR_DBR *ar) SQL_ROW row; mdb->esc_name = check_pool_memory_size(mdb->esc_name, 2*mdb->fnl+2); - db_escape_string(mdb->esc_name, mdb->fname, mdb->fnl); - + db_escape_string(jcr, mdb, mdb->esc_name, mdb->fname, mdb->fnl); + Mmsg(mdb->cmd, "SELECT FilenameId FROM Filename WHERE Name='%s'", mdb->esc_name); if (QUERY_DB(jcr, mdb, mdb->cmd)) { diff --git a/bacula/src/cats/sql_get.c b/bacula/src/cats/sql_get.c index 438e3f788f..981f10ab78 100644 --- a/bacula/src/cats/sql_get.c +++ b/bacula/src/cats/sql_get.c @@ -169,7 +169,7 @@ static int db_get_filename_record(JCR *jcr, B_DB *mdb) int FilenameId = 0; mdb->esc_name = check_pool_memory_size(mdb->esc_name, 2*mdb->fnl+2); - db_escape_string(mdb->esc_name, mdb->fname, mdb->fnl); + db_escape_string(jcr, mdb, mdb->esc_name, mdb->fname, mdb->fnl); Mmsg(mdb->cmd, "SELECT FilenameId FROM Filename WHERE Name='%s'", mdb->esc_name); if (QUERY_DB(jcr, mdb, mdb->cmd)) { @@ -213,7 +213,7 @@ static int db_get_path_record(JCR *jcr, B_DB *mdb) uint32_t PathId = 0; mdb->esc_name = check_pool_memory_size(mdb->esc_name, 2*mdb->pnl+2); - db_escape_string(mdb->esc_name, mdb->path, mdb->pnl); + db_escape_string(jcr, mdb, mdb->esc_name, mdb->path, mdb->pnl); if (mdb->cached_path_id != 0 && mdb->cached_path_len == mdb->pnl && strcmp(mdb->cached_path, mdb->path) == 0) { diff --git a/bacula/src/cats/sqlite.c b/bacula/src/cats/sqlite.c index 5f129f4f75..460fafe452 100644 --- a/bacula/src/cats/sqlite.c +++ b/bacula/src/cats/sqlite.c @@ -282,7 +282,7 @@ int db_next_index(JCR *jcr, B_DB *mdb, char *table, char *index) * the escaped output. */ void -db_escape_string(char *snew, char *old, int len) +db_escape_string(JCR *jcr, B_DB *db, char *snew, char *old, int len) { char *n, *o; diff --git a/bacula/src/dird/fd_cmds.c b/bacula/src/dird/fd_cmds.c index 2e9e3e5014..3aa372472f 100644 --- a/bacula/src/dird/fd_cmds.c +++ b/bacula/src/dird/fd_cmds.c @@ -677,7 +677,7 @@ int get_attributes_and_put_in_catalog(JCR *jcr) } ar->Digest = digest; ar->DigestType = crypto_digest_stream_type(stream); - db_escape_string(digest, Digest, strlen(Digest)); + db_escape_string(jcr, jcr->db, digest, Digest, strlen(Digest)); Dmsg4(dbglvl, "stream=%d DigestLen=%d Digest=%s type=%d\n", stream, strlen(digest), digest, ar->DigestType); } diff --git a/bacula/src/dird/ua_query.c b/bacula/src/dird/ua_query.c index bd3202e300..2ab55acb39 100644 --- a/bacula/src/dird/ua_query.c +++ b/bacula/src/dird/ua_query.c @@ -207,7 +207,7 @@ static POOLMEM *substitute_prompts(UAContext *ua, } len = strlen(ua->cmd); p = (char *)malloc(len * 2 + 1); - db_escape_string(p, ua->cmd, len); + db_escape_string(ua->jcr, ua->db, p, ua->cmd, len); subst[n] = p; olen = o - new_query; new_query = check_pool_memory_size(new_query, olen + strlen(p) + 10); diff --git a/bacula/src/dird/ua_restore.c b/bacula/src/dird/ua_restore.c index 0320456e86..9b0dc9090d 100644 --- a/bacula/src/dird/ua_restore.c +++ b/bacula/src/dird/ua_restore.c @@ -58,7 +58,7 @@ static void free_name_list(NAME_LIST *name_list); static bool select_backups_before_date(UAContext *ua, RESTORE_CTX *rx, char *date); static bool build_directory_tree(UAContext *ua, RESTORE_CTX *rx); static void free_rx(RESTORE_CTX *rx); -static void split_path_and_filename(RESTORE_CTX *rx, char *fname); +static void split_path_and_filename(UAContext *ua, RESTORE_CTX *rx, char *fname); static int jobid_fileindex_handler(void *ctx, int num_fields, char **row); static bool insert_file_into_findex_list(UAContext *ua, RESTORE_CTX *rx, char *file, char *date); @@ -581,7 +581,7 @@ static int user_select_jobids_or_files(UAContext *ua, RESTORE_CTX *rx) } len = strlen(ua->cmd); fname = (char *)malloc(len * 2 + 1); - db_escape_string(fname, ua->cmd, len); + db_escape_string(ua->jcr, ua->db, fname, ua->cmd, len); Mmsg(rx->query, uar_file, rx->ClientName, fname); free(fname); gui_save = ua->jcr->gui; @@ -868,7 +868,7 @@ static bool insert_file_into_findex_list(UAContext *ua, RESTORE_CTX *rx, char *f char *date) { strip_trailing_newline(file); - split_path_and_filename(rx, file); + split_path_and_filename(ua, rx, file); if (*rx->JobIds == 0) { Mmsg(rx->query, uar_jobid_fileindex, date, rx->path, rx->fname, rx->ClientName); @@ -939,7 +939,7 @@ static bool insert_table_into_findex_list(UAContext *ua, RESTORE_CTX *rx, char * return true; } -static void split_path_and_filename(RESTORE_CTX *rx, char *name) +static void split_path_and_filename(UAContext *ua, RESTORE_CTX *rx, char *name) { char *p, *f; @@ -968,7 +968,7 @@ static void split_path_and_filename(RESTORE_CTX *rx, char *name) rx->fnl = p - f; if (rx->fnl > 0) { rx->fname = check_pool_memory_size(rx->fname, 2*(rx->fnl)+1); - db_escape_string(rx->fname, f, rx->fnl); + db_escape_string(ua->jcr, ua->db, rx->fname, f, rx->fnl); } else { rx->fname[0] = 0; rx->fnl = 0; @@ -977,7 +977,7 @@ static void split_path_and_filename(RESTORE_CTX *rx, char *name) rx->pnl = f - name; if (rx->pnl > 0) { rx->path = check_pool_memory_size(rx->path, 2*(rx->pnl)+1); - db_escape_string(rx->path, name, rx->pnl); + db_escape_string(ua->jcr, ua->db, rx->path, name, rx->pnl); } else { rx->path[0] = 0; rx->pnl = 0; diff --git a/bacula/src/dird/verify.c b/bacula/src/dird/verify.c index 85651452b4..b5418d11ad 100644 --- a/bacula/src/dird/verify.c +++ b/bacula/src/dird/verify.c @@ -703,7 +703,7 @@ int get_attributes_and_compare_to_catalog(JCR *jcr, JobId_t JobId) return false; } if (do_Digest != CRYPTO_DIGEST_NONE) { - db_escape_string(buf, Opts_Digest, strlen(Opts_Digest)); + db_escape_string(jcr, jcr->db, buf, Opts_Digest, strlen(Opts_Digest)); if (strcmp(buf, fdbr.Digest) != 0) { prt_fname(jcr); if (debug_level >= 10) { diff --git a/bacula/src/tools/dbcheck.c b/bacula/src/tools/dbcheck.c index 1963931e64..dafff136af 100644 --- a/bacula/src/tools/dbcheck.c +++ b/bacula/src/tools/dbcheck.c @@ -611,7 +611,7 @@ static void eliminate_duplicate_filenames() /* Loop through list of duplicate names */ for (int i=0; i 1) { printf("%s\n", buf); @@ -669,7 +669,7 @@ static void eliminate_duplicate_paths() /* Loop through list of duplicate names */ for (int i=0; i 1) { printf("%s\n", buf); @@ -1103,7 +1103,7 @@ static void repair_bad_filenames() esc_name[1] = 0; } else { name[len-1] = 0; - db_escape_string(esc_name, name, len); + db_escape_string(NULL, db, esc_name, name, len); } bsnprintf(buf, sizeof(buf), "UPDATE Filename SET Name='%s' WHERE FilenameId=%s", @@ -1162,7 +1162,7 @@ static void repair_bad_paths() } /* Add trailing slash */ len = pm_strcat(&name, "/"); - db_escape_string(esc_name, name, len); + db_escape_string(NULL, db, esc_name, name, len); bsnprintf(buf, sizeof(buf), "UPDATE Path SET Path='%s' WHERE PathId=%s", esc_name, edit_int64(id_list.Id[i], ed1)); if (verbose > 1) { diff --git a/bacula/technotes-2.3 b/bacula/technotes-2.3 index 81abacb685..f23b5be016 100644 --- a/bacula/technotes-2.3 +++ b/bacula/technotes-2.3 @@ -2,6 +2,8 @@ General: 12Sep07 +dvl Pass jcr and db into db_escape_string() to enable better escaping + of strings kes Fix migration code to get correct Volume name with multiple volumes by skipping |. Fixes bug #936. kes Implement patch supplied by Landon to fix bug #944 where using -- 2.39.5