security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-12 18:23:04 +01:00
Code Activity

gpg: Make sure we only have a single SQL statement.

Browse Source 
* g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL
statement.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
This commit is contained in:
Neal H. Walfield 2015-10-26 13:41:07 +01:00
parent 5b0ed7674d
commit c18fb0d99b
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
g10/tofu.c
View File

@ -289,10 +289,25 @@ sqlite3_stepx (sqlite3 *db,
} }
else else
{ {
rc = sqlite3_prepare_v2 (db, sql, -1, &stmt, NULL); const char *tail = NULL;
rc = sqlite3_prepare_v2 (db, sql, -1, &stmt, &tail);
if (rc) if (rc)
log_fatal ("failed to prepare SQL: %s", sql); log_fatal ("failed to prepare SQL: %s", sql);
/* We can only process a single statement. */
if (tail)
{
while (*tail == ' ' || *tail == ';')
tail ++;
if (*tail)
log_fatal
("sqlite3_stepx can only process a single SQL statement."
" Second statement starts with: '%s'\n",
tail);
}
if (stmtp) if (stmtp)
*stmtp = stmt; *stmtp = stmt;
} }