Fix to avoid SQL injection 74/197974/3
authorSangyoon Jang <jeremy.jang@samsung.com>
Thu, 17 Jan 2019 10:30:48 +0000 (19:30 +0900)
committerSangyoon Jang <jeremy.jang@samsung.com>
Fri, 18 Jan 2019 02:06:39 +0000 (11:06 +0900)
Change-Id: I8810ab87632294431fa7c162b380700682ec8838
Signed-off-by: Sangyoon Jang <jeremy.jang@samsung.com>
CMakeLists.txt
packaging/pkgmgr-tool.spec
src/pkg_upgrade.c

index dc9b6fc3d6ea5668e3771a2928bd6663e14c9127..ac4eb77094eadd93eea5b86e5bb152050c0b8573 100644 (file)
@@ -22,7 +22,7 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/client/include)
 INCLUDE(FindPkgConfig)
 
 pkg_check_modules(pkgs_test REQUIRED dlog glib-2.0 bundle pkgmgr pkgmgr-parser pkgmgr-info pkgmgr-installer iniparser
-libtzplatform-config aul storage)
+libtzplatform-config aul storage sqlite3)
 FOREACH(flag ${pkgs_test_CFLAGS})
        SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
 ENDFOREACH(flag)
index 03ddf53b5b71010c240e82708b88e61319bb3cc4..39498362bd74bbde2725284caf6fb9e76b8f1d22 100644 (file)
@@ -24,10 +24,10 @@ BuildRequires:  pkgconfig(pkgmgr)
 BuildRequires:  pkgconfig(pkgmgr-installer)
 BuildRequires:  pkgconfig(aul)
 BuildRequires:  pkgconfig(storage)
+BuildRequires:  pkgconfig(sqlite3)
 BuildRequires:  pkgmgr-info-parser-devel
 BuildRequires:  pkgmgr-info-parser
 BuildRequires:  fdupes
-Requires: sqlite3
 Requires(posttrans):  /usr/bin/pkg_initdb
 
 %description
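Review bot: Dropping `Requires: sqlite3` while pkg_upgrade.c still executes the query through `__xsystem(db_cmd)` appears to remove the runtime dependency on the sqlite3 command-line tool; rpm's automatic dependency generation will add libsqlite3 for the new link, but not the `/usr/bin/sqlite3` binary. If `db_cmd[0]` (not visible in this change) names that binary, the `Requires: sqlite3` line should stay, or the code should move to the sqlite3 library API so the external command is no longer needed. Keeping the build-time `BuildRequires: pkgconfig(sqlite3)` is correct either way.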
index 1a8be29394500f9025a4b88df3322cd0edcdf178..566231b0873e286e5d9c999bd98718548972b794 100644 (file)
@@ -32,6 +32,7 @@
 #include <sys/wait.h>
 #include <sys/time.h>
 #include <libxml/xmlreader.h>
+#include <sqlite3.h>
 
 #include <package-manager-types.h>
 #include <package-manager.h>
@@ -427,7 +428,7 @@ static void __send_args_to_backend(const char *pkgid, const char *pkgtype,
        struct timeval tv;
        gettimeofday(&tv, NULL);
        starttime = tv.tv_sec * 1000l + tv.tv_usec / 1000l;
-       char buf[BUF_SIZE];
+       char *query;
        char backend_cmd[BUF_SIZE];
        const char *new_pkgtype;
        const char tpk_pkgtype[] = "tpk";
@@ -467,31 +468,31 @@ static void __send_args_to_backend(const char *pkgid, const char *pkgtype,
                ret = __xsystem(uninstall_ro);
                break;
        case PKG_NEED_UPDATE_TO_RW:
-               snprintf(buf, sizeof(buf),
+               query = sqlite3_mprintf(
                                "UPDATE package_info SET " \
                                "package_preload='false', " \
                                "package_system='false' "\
-                               "WHERE package='%s'", pkgid);
+                               "WHERE package=%Q", pkgid);
                db_cmd[1] = strdup(DBPATH);
-               db_cmd[2] = strdup(buf);
+               db_cmd[2] = query;
                ret = __xsystem(db_cmd);
                FREE_AND_NULL(db_cmd[1]);
-               FREE_AND_NULL(db_cmd[2]);
+               sqlite3_free(query);
                break;
        case PKG_NEED_RWUNINSTALL:
        case PKG_NEED_UPDATE_TO_RO:
                ret = __xsystem(uninstall_ro_update);
                break;
        case PKG_NEED_RO_DBREMOVE:
-               snprintf(buf, sizeof(buf),
+               query = sqlite3_mprintf(
                                "PRAGMA foreign_keys=on; " \
                                "DELETE FROM package_info " \
-                               "WHERE package='%s'", pkgid);
+                               "WHERE package=%Q", pkgid);
                db_cmd[1] = strdup(DBPATH);
-               db_cmd[2] = strdup(buf);
+               db_cmd[2] = query;
                ret = __xsystem(db_cmd);
                FREE_AND_NULL(db_cmd[1]);
-               FREE_AND_NULL(db_cmd[2]);
+               sqlite3_free(query);
                break;
        case PKG_NEED_PRELOADRW_INSTALL:
                ret = __xsystem(preload_rw);
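Review bot: `sqlite3_mprintf` returns NULL when allocation fails, and both new `db_cmd[2] = query;` assignments (PKG_NEED_UPDATE_TO_RW and PKG_NEED_RO_DBREMOVE) hand that pointer straight to `__xsystem(db_cmd)`; if `__xsystem` execs `db_cmd` as an argv vector, a NULL there would terminate the argument list early and run the tool with only the database path. Guard each case before the assignment with `if (!query) { ret = -1; break; }`, using whatever error value this function's existing convention calls for, and initialize the pointer as `char *query = NULL;` in the declaration hunk above. Note that `%Q` only neutralizes the value inside the SQL text; the fix relies on `__xsystem` passing the argument directly to exec rather than through a shell, which this diff does not show, so that is worth confirming. `__send_args_to_backend` begins and continues outside this hunk.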
@@ -1098,6 +1099,7 @@ static int __process_rw_fota()
 
                pkgtype = __getvalue(buf, TOKEN_TYPE_STR, 1);
                __install_preload_rw(pkgid, pkgtype);
+               free(pkgtype);
 
                if (handle)
                        pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
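Review bot: The added `free(pkgtype);` releases the string from `__getvalue`, but `pkgid`, passed to `__install_preload_rw` on the line above, is not released in this hunk; if it is obtained through the same `__getvalue` earlier in the loop (outside this hunk), it presumably needs a matching `free(pkgid);` — worth checking against the preceding code. Whether `__getvalue` returns heap memory at all is not visible here either. `__process_rw_fota` begins and ends outside this hunk.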