080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/useCount/useCount.c src/hg/useCount/useCount.c
index ab7fdad..d318178 100644
--- src/hg/useCount/useCount.c
+++ src/hg/useCount/useCount.c
@@ -1,60 +1,60 @@
 /* useCount - a simple CGI that merely counts its references. */
 #include "common.h"
 #include "jksql.h"
 #include "cheapcgi.h"
 #include "hdb.h" /* table to use for counting in hgcentral */ static char useCount[] = "useCount"; int main(int argc, char *argv[]) { int count = 0; cgiSpoof(&argc, argv); char dateTime[256]; char *remoteAddr = getenv("REMOTE_ADDR"); char *userAgent = getenv("HTTP_USER_AGENT"); char *version = cgiUsualString("version", "unknown"); if (remoteAddr == NULL) remoteAddr = "unknown"; if (userAgent == NULL) userAgent = "unknown"; /* protect against huge strings coming in from outside */ char safeAgent[255]; snprintf(safeAgent, sizeof(safeAgent), "%s", userAgent); char safeAddr[255]; snprintf(safeAddr, sizeof(safeAddr), "%s", remoteAddr); char safeVersion[255]; snprintf(safeVersion, sizeof(safeVersion), "%s", version); printf("Content-Type:text/html\n\n\n"); printf(""); printf("
\n"); struct sqlConnection *conn = hConnectCentral(); if (conn) { char query[1024]; if (sqlTableExists(conn, useCount)) {
- safef(query, sizeof(query), "INSERT %s VALUES(0,\"%s\",\"%s\",now(),\"%s\")",
+ sqlSafef(query, sizeof(query), "INSERT %s VALUES(0,\"%s\",\"%s\",now(),\"%s\")",
 useCount, safeAgent, safeAddr, safeVersion); sqlUpdate(conn,query); count = sqlLastAutoId(conn);
- safef(query, sizeof(query), "SELECT dateTime FROM %s WHERE count=%d",
+ sqlSafef(query, sizeof(query), "SELECT dateTime FROM %s WHERE count=%d",
 useCount, count); (void) sqlQuickQuery(conn, query, dateTime, sizeof(dateTime)); } else { printf("ERROR: can not find table '%s'