[Non-ACR][email-service][SQL injection issue] 28/180228/4
authorSameer Prakash Pradhan <sp.pradhan@samsung.com>
Fri, 25 May 2018 12:22:53 +0000 (17:52 +0530)
committerYoungjae Shin <yj99.shin@samsung.com>
Mon, 28 May 2018 08:11:09 +0000 (08:11 +0000)
Signed-off-by: Sameer Prakash Pradhan <sp.pradhan@samsung.com>
Change-Id: Ibfe35f3d0dd72d103d3a78d92a47c5a3555e9f64

email-core/email-storage/email-storage.c

index 0c357c0..bb86c67 100755 (executable)
@@ -369,6 +369,7 @@ int              shm_fd_for_generating_mail_id = 0;
 {  return_value = function_call; }
 #endif /*  __FEATURE_USE_SHARED_MUTEX_FOR_PROTECTED_FUNC_CALL__ */
 
+
 static int emstorage_exec_query_by_prepare_v2(sqlite3 *local_db_handle, char *query_string)
 {
        EM_DEBUG_FUNC_BEGIN("local_db_handle[%p] query_string[%p]", local_db_handle, query_string);
@@ -1470,6 +1471,42 @@ static int _bind_stmt_field_data_blob(DB_STMT hStmt, int index, void *blob, int
        return true;
 }
 
+static int emstorage_exec_query_by_prepare_v2_stmt(sqlite3 *local_db_handle, char *query_string, char * target_mailbox_name, int input_mailbox_id, int target_account_id)
+{
+
+       EM_DEBUG_FUNC_BEGIN("Prepared Statement: local_db_handle[%p] query_string[%p]", local_db_handle, query_string);
+       int error = EMAIL_ERROR_NONE;
+       int rc = 0, count = 0;
+       DB_STMT db_statement = NULL;
+
+       EMSTORAGE_PROTECTED_FUNC_CALL(sqlite3_prepare_v2(local_db_handle, query_string, EM_SAFE_STRLEN(query_string), &db_statement, NULL), rc);
+
+       _bind_stmt_field_data_string(db_statement, count++, target_mailbox_name, 0, EM_SAFE_STRLEN(target_mailbox_name)-1);
+       _bind_stmt_field_data_int(db_statement, count++, input_mailbox_id);
+       _bind_stmt_field_data_int(db_statement, count++, target_account_id);
+
+
+       EM_DEBUG_DB_EXEC((SQLITE_OK != rc), {error = EMAIL_ERROR_DB_FAILURE; goto FINISH_OFF; },
+                       ("sqlite3_prepare failed [%d] [%s]", rc, query_string));
+
+       EMSTORAGE_PROTECTED_FUNC_CALL(sqlite3_step(db_statement), rc);
+       EM_DEBUG_DB_EXEC((rc != SQLITE_ROW && rc != SQLITE_DONE), {error = EMAIL_ERROR_DB_FAILURE; goto FINISH_OFF; },
+                       ("sqlite3_step failed [%d] [%s]", rc, query_string));
+
+FINISH_OFF:
+
+       if (db_statement != NULL) {
+               rc = sqlite3_finalize(db_statement);
+               if (rc != SQLITE_OK) {
+                       EM_DEBUG_EXCEPTION("sqlite3_finalize error [%d]", rc);
+                       error = EMAIL_ERROR_DB_FAILURE;
+               }
+       }
+
+       return error;
+
+
+}
 
 static int _delete_temp_file(const char *path)
 {
@@ -9949,9 +9986,10 @@ INTERNAL_FUNC int emstorage_move_multiple_mails_on_db(char *multi_user_name, int
        if (last_comma) *last_comma = ')'; /* replace , with) */
 
        memset(sql_query_string, 0x00, conditional_clause_len);
-       SNPRINTF(sql_query_string, conditional_clause_len, "UPDATE mail_read_mail_uid_tbl SET mailbox_name = '%s', mailbox_id = %d, account_id = %d %s", target_mailbox_name, input_mailbox_id, target_account_id, conditional_clause);
+       SNPRINTF(sql_query_string, conditional_clause_len, "UPDATE mail_read_mail_uid_tbl SET mailbox_name = ? mailbox_id = ? account_id = ? %s", conditional_clause);
+
        EM_DEBUG_LOG_SEC("Query [%s]", sql_query_string);
-       error = emstorage_exec_query_by_prepare_v2(local_db_handle, sql_query_string);
+       error = emstorage_exec_query_by_prepare_v2_stmt(local_db_handle, sql_query_string, target_mailbox_name, input_mailbox_id, target_account_id);
        if (error != EMAIL_ERROR_NONE) {
                EM_DEBUG_EXCEPTION("emstorage_exec_query_by_prepare_v2 failed:[%d]", error);
                goto FINISH_OFF;
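Review bot: The rewritten UPDATE statement has lost the commas between its SET assignments, so `SET mailbox_name = ? mailbox_id = ? account_id = ?` is not valid SQL and sqlite3_prepare_v2 in the new helper will fail on every call; the line should read `SNPRINTF(sql_query_string, conditional_clause_len, "UPDATE mail_read_mail_uid_tbl SET mailbox_name = ?, mailbox_id = ?, account_id = ? %s", conditional_clause);`. The exception message two lines below the call still names emstorage_exec_query_by_prepare_v2 rather than the `_stmt` variant now being called, which will mislead anyone reading the log. `conditional_clause` is still interpolated into the query text; that is acceptable only if it is assembled solely from integer ids, which happens above this hunk and cannot be confirmed here. emstorage_move_multiple_mails_on_db begins and ends outside the hunk.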