[Pkg-gnupg-commit] [gnupg2] 67/241: gpg: Make sure we only have a single SQL statement.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Dec 9 20:31:55 UTC 2015
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit c18fb0d99b633bb267dead6e7c46229f4b780bc3
Author: Neal H. Walfield <neal at g10code.com>
Date: Mon Oct 26 13:41:07 2015 +0100
gpg: Make sure we only have a single SQL statement.
* g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL
statement.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
---
g10/tofu.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/g10/tofu.c b/g10/tofu.c
index 4eab487..43a6224 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -289,10 +289,25 @@ sqlite3_stepx (sqlite3 *db,
}
else
{
- rc = sqlite3_prepare_v2 (db, sql, -1, &stmt, NULL);
+ const char *tail = NULL;
+
+ rc = sqlite3_prepare_v2 (db, sql, -1, &stmt, &tail);
if (rc)
log_fatal ("failed to prepare SQL: %s", sql);
+ /* We can only process a single statement. */
+ if (tail)
+ {
+ while (*tail == ' ' || *tail == ';')
+ tail ++;
+
+ if (*tail)
+ log_fatal
+ ("sqlite3_stepx can only process a single SQL statement."
+ " Second statement starts with: '%s'\n",
+ tail);
+ }
+
if (stmtp)
*stmtp = stmt;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list