[mpitt at debian.org: [Pkg-nagios-devel] Bug#369362: nagios: Insecure quote escaping in PostgreSQL backend]

Andreas Ericsson ae at op5.se
Mon Jun 5 14:47:32 CEST 2006


sean finney wrote:
> hi ethan,
> 
> fyi, looks like there could potentially be some more problems with the
> RDBMS methods in 1.x.  i think the fix is probably not too hard; instead
> of escaping queries manually using the provided functions by libpq (and
> i'm sure a similar function for mysql must exist?).
> 

mysql_real_escape(char *src, char **dst, size_t src_len, size_t dst_len)

or some such. **dst must be at least twice as long as src to make sure 
the buffer can be properly escaped.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231
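
The sizing rule from the reply above, as an added example that is not part of the original message or of the Nagios code: in the worst case every source byte gets escaped, so the destination needs 2 * src_len + 1 bytes. `escaped_capacity` and `sql_escape_bounded` are hypothetical names, and the byte-wise escaper only illustrates the bound; real code should call the client library's own escape function, as the thread suggests.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Worst case: every byte is escaped (2 bytes each), plus the NUL. */
size_t escaped_capacity(size_t src_len)
{
    return src_len * 2 + 1;
}

/* Hypothetical byte-wise escaper: doubles ' and \ for a SQL string literal.
 * Never writes more than dst_len bytes (terminator included).
 * Returns the escaped length, or (size_t)-1 if dst is too small. */
size_t sql_escape_bounded(const char *src, size_t src_len,
                          char *dst, size_t dst_len)
{
    size_t i, out = 0;

    if (dst_len == 0)
        return (size_t)-1;
    for (i = 0; i < src_len; i++) {
        int special = (src[i] == '\'' || src[i] == '\\');
        size_t need = special ? 2 : 1;

        /* One byte stays in reserve for the terminator. */
        if (out + need > dst_len - 1)
            return (size_t)-1;
        if (special)
            dst[out++] = src[i];  /* emit the character twice */
        dst[out++] = src[i];
    }
    dst[out] = '\0';
    return out;
}

int main(void)
{
    const char *src = "it's a 'test'\\";  /* constructed sample input */
    size_t len = strlen(src);
    char small[16], full[64];

    /* Same-size buffer: rejected instead of overflowing. */
    printf("small ok: %d\n",
           sql_escape_bounded(src, len, small, len + 1) != (size_t)-1);
    /* 2 * len + 1 always fits. */
    if (sql_escape_bounded(src, len, full, escaped_capacity(len)) != (size_t)-1)
        printf("full: %s\n", full);
    return 0;
}
```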



