Release 1.0.5?

Nicolas Baradakis nbk at sitadelle.com
Tue Aug 23 01:04:52 CEST 2005


Alan DeKok wrote:

> > Primoz also found out that the SQL query in rlm_sqlcounter isn't
> > correctly escaped. (possible SQL injection vulnerability) As the
> > function 'sql_escape_func' is static in module 'rlm_sql', I don't
> > know if we should copy/paste the code or make the function publicly
> > available?
>
>   Since rlm_sqlcounter already calls rlm_sql to do its work, just
> export the function.

Thinking about it, I don't like the idea of making rlm_sql export
sql_escape_func. And I'm afraid of linkage issues, too.
A links to B.
A links to C.
That's not rocket science, but will C be able to find a symbol in B
on systems with a stupid linker?

I'd like to move sql_escape_func into the server core, in src/main/xlat.c
for example. However, I noticed this function uses a global variable
'allowed_chars', so we'd need to bring it into the server core, too.

-- 
Nicolas Baradakis
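
Added example, not part of the original message and not FreeRADIUS code: an allow-list escaping routine that takes the permitted characters as an argument instead of reading a global, so it could sit in a shared core file and be called from more than one module. The names `escape_allowlist` and `example_allowed`, the allow-list contents and the `=XX` encoding of rejected bytes are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed allow-list for this example; '=' must stay out of it. */
static const char example_allowed[] =
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /";

/*
 * Copy `in` to `out`, keeping bytes listed in `allowed` and writing every
 * other byte as "=XX" (uppercase hex). The allow-list is an argument, so
 * the function has no global state and can live in any translation unit.
 * Returns the length written, or (size_t)-1 if `out` is too small; a
 * truncated query fragment is never returned.
 */
size_t escape_allowlist(char *out, size_t outlen,
                        const char *in, const char *allowed)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = 0;
    if (out == NULL || outlen == 0 || in == NULL || allowed == NULL)
        return (size_t)-1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (strchr(allowed, c) != NULL) {
            if (n + 1 >= outlen) goto fail;      /* byte + NUL */
            out[n++] = (char)c;
        } else {
            if (n + 3 >= outlen) goto fail;      /* "=XX" + NUL */
            out[n++] = '=';
            out[n++] = hex[c >> 4];
            out[n++] = hex[c & 0x0F];
        }
    }
    out[n] = '\0';
    return n;
fail:
    out[0] = '\0';
    return (size_t)-1;
}

int main(void)
{
    char buf[64];
    /* Constructed input containing quote characters. */
    if (escape_allowlist(buf, sizeof buf, "bob' OR '1'='1", example_allowed) != (size_t)-1)
        printf("%s\n", buf);
    return 0;
}
```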



