From: Jongkyu Koo Date: Thu, 19 Oct 2017 06:12:19 +0000 (+0900) Subject: fix security defect(to use sqlite3_bind func) X-Git-Tag: submit/tizen/20171019.071641^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F09%2F156609%2F1;p=platform%2Fcore%2Ftelephony%2Fphonenumber-utils.git fix security defect(to use sqlite3_bind func) Change-Id: I125bf8718777277369267ae73664f3827fdd38fa Signed-off-by: Jongkyu Koo --- diff --git a/daemon/phnd-blocking_rule.c b/daemon/phnd-blocking_rule.c index 7c587ab..bba0061 100644 --- a/daemon/phnd-blocking_rule.c +++ b/daemon/phnd-blocking_rule.c @@ -226,20 +226,20 @@ int phnd_blocking_rule_get_related(int user_id, char *number, GSList **rule_list "FROM "PHND_TABLE_BLOCKNUMBER" " "WHERE user_id = %d AND (CASE " "WHEN match_type = %d " - "THEN '%s' = number OR '%s' = normalized_number " + "THEN ? = number OR '%s' = normalized_number " "WHEN match_type = %d " - "THEN SUBSTR('%s', 1, LENGTH(number)) = number OR " + "THEN SUBSTR(?, 1, LENGTH(number)) = number OR " "SUBSTR('%s', 1, LENGTH(normalized_number)) = normalized_number " "WHEN match_type = %d " - "THEN SUBSTR('%s', -LENGTH(normalized_number)) = number " + "THEN SUBSTR(?, -LENGTH(normalized_number)) = number " "WHEN match_type = %d " - "THEN INSTR('%s', number) " + "THEN INSTR(?, number) " "END) ", user_id, - PHONE_NUMBER_MATCH_TYPE_EXACTLY, number, normalized, - PHONE_NUMBER_MATCH_TYPE_STARTS_WITH, number, normalized, - PHONE_NUMBER_MATCH_TYPE_ENDS_WITH, number, - PHONE_NUMBER_MATCH_TYPE_INCLUDES, number); + PHONE_NUMBER_MATCH_TYPE_EXACTLY, normalized, + PHONE_NUMBER_MATCH_TYPE_STARTS_WITH, normalized, + PHONE_NUMBER_MATCH_TYPE_ENDS_WITH, + PHONE_NUMBER_MATCH_TYPE_INCLUDES); DBG("query : %s", query); 
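Review bot: The `normalized` value is still spliced into the SQL text with `'%s'` in the EXACTLY and STARTS_WITH branches, so only one of the two caller-derived strings is parameterized; unless whatever produces `normalized` (not visible here) guarantees a digits-only string, the defect this commit fixes for `number` remains for it. Binding both values through numbered parameters avoids positional bookkeeping, e.g. `"THEN ?1 = number OR ?2 = normalized_number "` and `"SUBSTR(?2, 1, LENGTH(normalized_number)) = normalized_number "`, with `number` bound once as parameter 1 and `normalized` once as parameter 2. The ENDS_WITH branch sizes the suffix with `LENGTH(normalized_number)` but compares it against `number`, which looks like a pre-existing mismatch worth confirming against the intended semantics. The `DBG("query : %s", query)` line still writes the normalized phone number into the log, which may be more than a debug trace should carry. phnd_blocking_rule_get_related begins before and continues past this hunk.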
@@ -253,6 +253,10 @@ int phnd_blocking_rule_get_related(int user_id, char *number, GSList **rule_list
 return ret;
 /* LCOV_EXCL_STOP */
 }
+
+ for (int i = 1; i <= 4; i++)
+ sqlite3_bind_text(stmt, i, number, strlen(number), SQLITE_STATIC);
+
 while (PHND_SQLITE_ROW == phnd_sqlite_step(stmt)) {
 phone_number_blocking_rule_h rule = NULL;
 ret = phn_record_create(&rule);
diff --git a/include/phone_number.h b/include/phone_number.h
index 7657c96..38a7b59 100644
--- a/include/phone_number.h
+++ b/include/phone_number.h
@@ -181,7 +181,7 @@ int phone_number_add_blocking_rule(phone_number_blocking_rule_h rule);
 * @privlevel partner
 * @privilege %http://tizen.org/privilege/blocknumber.write
 *
- * @remarks The blocking rule to remove should have been gotten from the the phone number database using phone_number_get_blocking_rules().
+ * @remarks The blocking rule to remove should have been gotten from the phone number database using phone_number_get_blocking_rules().
 *
 * @param[in] rule The blocking rule handle
 *
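Review bot: The bind loop hard-codes `4` to match the number of `?` placeholders built in the earlier hunk and discards the return value of `sqlite3_bind_text`, so a count mismatch or a bind failure goes unnoticed and the statement is stepped with the parameter left NULL, which silently matches nothing. Binding the value once through a numbered placeholder (`?1` in the query) removes the loop, and the result should be checked: `ret = sqlite3_bind_text(stmt, 1, number, -1, SQLITE_STATIC); if (SQLITE_OK != ret) { /* finalize stmt and return the error */ }`. `strlen(number)` dereferences `number` with no NULL check visible in this hunk; if the function validates it earlier that is fine, otherwise one is needed before this point. `SQLITE_STATIC` is appropriate here since `number` is the caller's buffer and outlives the step loop. phnd_blocking_rule_get_related begins before and continues past this hunk.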