fix security defect(to use sqlite3_bind func) 09/156609/1 accepted/tizen/unified/20171019.145730 submit/tizen/20171019.071641
authorJongkyu Koo <jk.koo@samsung.com>
Thu, 19 Oct 2017 06:12:19 +0000 (15:12 +0900)
committerJongkyu Koo <jk.koo@samsung.com>
Thu, 19 Oct 2017 06:14:18 +0000 (06:14 +0000)
Change-Id: I125bf8718777277369267ae73664f3827fdd38fa
Signed-off-by: Jongkyu Koo <jk.koo@samsung.com>
daemon/phnd-blocking_rule.c
include/phone_number.h

index 7c587ab73203a6296d79c08b6ead2a7b9b5533c9..bba0061def7fa374c118085d7f133a518bcacb9f 100644 (file)
@@ -226,20 +226,20 @@ int phnd_blocking_rule_get_related(int user_id, char *number, GSList **rule_list
                        "FROM "PHND_TABLE_BLOCKNUMBER" "
                        "WHERE user_id = %d AND (CASE "
                        "WHEN match_type = %d "
-                       "THEN '%s' = number OR '%s' = normalized_number "
+                       "THEN ? = number OR '%s' = normalized_number "
                        "WHEN match_type = %d "
-                       "THEN SUBSTR('%s', 1, LENGTH(number)) = number OR "
+                       "THEN SUBSTR(?, 1, LENGTH(number)) = number OR "
                        "SUBSTR('%s', 1, LENGTH(normalized_number)) = normalized_number "
                        "WHEN match_type = %d "
-                       "THEN SUBSTR('%s', -LENGTH(normalized_number)) = number "
+                       "THEN SUBSTR(?, -LENGTH(normalized_number)) = number "
                        "WHEN match_type = %d "
-                       "THEN INSTR('%s', number) "
+                       "THEN INSTR(?, number) "
                        "END) ",
                        user_id,
-                       PHONE_NUMBER_MATCH_TYPE_EXACTLY, number, normalized,
-                       PHONE_NUMBER_MATCH_TYPE_STARTS_WITH, number, normalized,
-                       PHONE_NUMBER_MATCH_TYPE_ENDS_WITH, number,
-                       PHONE_NUMBER_MATCH_TYPE_INCLUDES, number);
+                       PHONE_NUMBER_MATCH_TYPE_EXACTLY, normalized,
+                       PHONE_NUMBER_MATCH_TYPE_STARTS_WITH, normalized,
+                       PHONE_NUMBER_MATCH_TYPE_ENDS_WITH,
+                       PHONE_NUMBER_MATCH_TYPE_INCLUDES);
 
        DBG("query : %s", query);
 
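Review bot: `normalized` is still formatted into the statement text through `'%s'` in the EXACTLY and STARTS_WITH branches, so only `number` moved to a bound parameter and the query is still assembled from a string argument. How `normalized` is produced is outside this hunk; if it is derived from the caller-supplied `number` and can keep a quote character, the original defect remains reachable through it. Numbered parameters would cover both values, e.g. `"THEN ?1 = number OR ?2 = normalized_number "` and `"SUBSTR(?2, 1, LENGTH(normalized_number)) = normalized_number "`, with `number` bound to index 1 and `normalized` to index 2. That also keeps `DBG("query : %s", query)` from writing the normalized phone number to the log. The body of phnd_blocking_rule_get_related starts and ends outside the hunk.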
@@ -253,6 +253,10 @@ int phnd_blocking_rule_get_related(int user_id, char *number, GSList **rule_list
                return ret;
                /* LCOV_EXCL_STOP */
        }
+
+       for (int i = 1; i <= 4; i++)
+               sqlite3_bind_text(stmt, i, number, strlen(number), SQLITE_STATIC);
+
        while (PHND_SQLITE_ROW == phnd_sqlite_step(stmt)) {
                phone_number_blocking_rule_h rule = NULL;
                ret = phn_record_create(&rule);
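Review bot: The return value of `sqlite3_bind_text()` is discarded in the added loop, so a failed bind leaves that parameter NULL and the lookup yields no rows, which a caller would presumably read as "no blocking rule matches" rather than as an error. Capturing it with `ret = sqlite3_bind_text(stmt, i, number, -1, SQLITE_STATIC);` and taking the error path (finalizing `stmt` first) when it is not `SQLITE_OK` keeps a database failure from looking like an empty rule list. Passing `-1` as the length also removes the `strlen(number)` call, which assumes `number` is non-NULL; whether that is checked earlier is outside this hunk. The literal `4` has to match the count of `?` placeholders in the query built above, so a comment such as `/* one bind per '?' in the query above */` would help keep the two in step. The `while` loop body continues past the end of the hunk.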
index 7657c96cf38f253cf350680e4010a9cbf004b28c..38a7b59c072573f17ddc951ae7ce941bf3de50ab 100644 (file)
@@ -181,7 +181,7 @@ int phone_number_add_blocking_rule(phone_number_blocking_rule_h rule);
  * @privlevel partner
  * @privilege %http://tizen.org/privilege/blocknumber.write
  *
- * @remarks The blocking rule to remove should have been gotten from the the phone number database using phone_number_get_blocking_rules().
+ * @remarks The blocking rule to remove should have been gotten from the phone number database using phone_number_get_blocking_rules().
  *
  * @param[in] rule     The blocking rule handle
  *