From: Sangyoon Jang <jeremy.jang@samsung.com>
Date: Thu, 17 Jan 2019 10:30:48 +0000 (+0900)
Subject: Fix to avoiding sql injection
X-Git-Tag: submit/tizen/20190215.085133~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=23b945bb43eaca81c9606e73aa0581e9c8698f1a;p=platform%2Fcore%2Fappfw%2Fpkgmgr-tool.git

Fix to avoiding sql injection

Change-Id: I8810ab87632294431fa7c162b380700682ec8838
Signed-off-by: Sangyoon Jang <jeremy.jang@samsung.com>
---

diff --git a/CMakeLists.txt b/CMakeLists.txt
index dc9b6fc..ac4eb77 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -22,7 +22,7 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/client/include)
 INCLUDE(FindPkgConfig)
 
 pkg_check_modules(pkgs_test REQUIRED dlog glib-2.0 bundle pkgmgr pkgmgr-parser pkgmgr-info pkgmgr-installer iniparser
-libtzplatform-config aul storage)
+libtzplatform-config aul storage sqlite3)
 FOREACH(flag ${pkgs_test_CFLAGS})
 	SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
 ENDFOREACH(flag)
diff --git a/packaging/pkgmgr-tool.spec b/packaging/pkgmgr-tool.spec
index 03ddf53..3949836 100644
--- a/packaging/pkgmgr-tool.spec
+++ b/packaging/pkgmgr-tool.spec
@@ -24,10 +24,10 @@ BuildRequires:  pkgconfig(pkgmgr)
 BuildRequires:  pkgconfig(pkgmgr-installer)
 BuildRequires:  pkgconfig(aul)
 BuildRequires:  pkgconfig(storage)
+BuildRequires:  pkgconfig(sqlite3)
 BuildRequires:  pkgmgr-info-parser-devel
 BuildRequires:  pkgmgr-info-parser
 BuildRequires:  fdupes
-Requires: sqlite3
 Requires(posttrans):  /usr/bin/pkg_initdb
 
 %description
diff --git a/src/pkg_upgrade.c b/src/pkg_upgrade.c
index 1a8be29..566231b 100644
--- a/src/pkg_upgrade.c
+++ b/src/pkg_upgrade.c
@@ -32,6 +32,7 @@
 #include <sys/wait.h>
 #include <sys/time.h>
 #include <libxml/xmlreader.h>
+#include <sqlite3.h>
 
 #include <package-manager-types.h>
 #include <package-manager.h>
@@ -427,7 +428,7 @@ static void __send_args_to_backend(const char *pkgid, const char *pkgtype,
 	struct timeval tv;
 	gettimeofday(&tv, NULL);
 	starttime = tv.tv_sec * 1000l + tv.tv_usec / 1000l;
-	char buf[BUF_SIZE];
+	char *query;
 	char backend_cmd[BUF_SIZE];
 	const char *new_pkgtype;
 	const char tpk_pkgtype[] = "tpk";
@@ -467,31 +468,31 @@ static void __send_args_to_backend(const char *pkgid, const char *pkgtype,
 		ret = __xsystem(uninstall_ro);
 		break;
 	case PKG_NEED_UPDATE_TO_RW:
-		snprintf(buf, sizeof(buf),
+		query = sqlite3_mprintf(
 				"UPDATE package_info SET " \
 				"package_preload='false', " \
 				"package_system='false' "\
-				"WHERE package='%s'", pkgid);
+				"WHERE package=%Q", pkgid);
 		db_cmd[1] = strdup(DBPATH);
-		db_cmd[2] = strdup(buf);
+		db_cmd[2] = query;
 		ret = __xsystem(db_cmd);
 		FREE_AND_NULL(db_cmd[1]);
-		FREE_AND_NULL(db_cmd[2]);
+		sqlite3_free(query);
 		break;
 	case PKG_NEED_RWUNINSTALL:
 	case PKG_NEED_UPDATE_TO_RO:
 		ret = __xsystem(uninstall_ro_update);
 		break;
 	case PKG_NEED_RO_DBREMOVE:
-		snprintf(buf, sizeof(buf),
+		query = sqlite3_mprintf(
 				"PRAGMA foreign_keys=on; " \
 				"DELETE FROM package_info " \
-				"WHERE package='%s'", pkgid);
+				"WHERE package=%Q", pkgid);
 		db_cmd[1] = strdup(DBPATH);
-		db_cmd[2] = strdup(buf);
+		db_cmd[2] = query;
 		ret = __xsystem(db_cmd);
 		FREE_AND_NULL(db_cmd[1]);
-		FREE_AND_NULL(db_cmd[2]);
+		sqlite3_free(query);
 		break;
 	case PKG_NEED_PRELOADRW_INSTALL:
 		ret = __xsystem(preload_rw);
@@ -1098,6 +1099,7 @@ static int __process_rw_fota()
 
 		pkgtype = __getvalue(buf, TOKEN_TYPE_STR, 1);
 		__install_preload_rw(pkgid, pkgtype);
+		free(pkgtype);
 
 		if (handle)
 			pkgmgrinfo_pkginfo_destroy_pkginfo(handle);