From 0369256720811e5247cbbe24b2f875cce259e01c Mon Sep 17 00:00:00 2001 From: Melanie Date: Sat, 26 Dec 2009 23:38:11 +0000 Subject: [PATCH 1/2] Close a SQL injection loophole in the new database driver --- OpenSim/Data/MySQL/MySQLGenericTableHandler.cs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs b/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs index 4dfc32403a..58b95d70eb 100644 --- a/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs +++ b/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs @@ -216,11 +216,12 @@ namespace OpenSim.Data.MySQL foreach (KeyValuePair kvp in data) { names.Add(kvp.Key); - values.Add(kvp.Value); + values.Add("?" + kvp.Key); + cmd.Parameters.AddWithValue("?" + kvp.Key, kvp.Value); } } - query = String.Format("replace into {0} (`", m_Realm) + String.Join("`,`", names.ToArray()) + "`) values ('" + String.Join("','", values.ToArray()) + "')"; + query = String.Format("replace into {0} (`", m_Realm) + String.Join("`,`", names.ToArray()) + "`) values (" + String.Join(",", values.ToArray()) + ")"; cmd.CommandText = query; From b7951d5177c0b575815f4d8a9ef35a0e7af58973 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Dec 2009 01:32:23 +0100 Subject: [PATCH 2/2] Correct some issues with the last commit --- OpenSim/Data/MySQL/MySQLGenericTableHandler.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs b/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs index 58b95d70eb..b2bd5f60c8 100644 --- a/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs +++ b/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs @@ -205,7 +205,8 @@ namespace OpenSim.Data.MySQL foreach (FieldInfo fi in m_Fields.Values) { names.Add(fi.Name); - values.Add(fi.GetValue(row).ToString()); + values.Add("?" + fi.Name); + cmd.Parameters.AddWithValue(fi.Name, fi.GetValue(row).ToString()); } if (m_DataField != null)