5a8586105ed720ed3fb1038c61db8fcfcc7f3ef6 galt Fri Sep 30 21:13:57 2022 -0700 Some final cleanup for sqlSafef V2. fixes cdwMakeFileTags. no redmine.
diff --git src/hg/inc/jksql.h src/hg/inc/jksql.h
index bc18cd3..372e54a 100644
--- src/hg/inc/jksql.h
+++ src/hg/inc/jksql.h
@@ -620,32 +620,31 @@
 /* dump internal info about SQL configuration for debugging purposes */
 void sqlPrintStats(FILE *fh);
 /* print statistic about the number of connections and other options done by
  * this process. */
 struct sqlResult *sqlStoreResult(struct sqlConnection *sc, char *query);
 /* Returns NULL if result was empty. Otherwise returns a structure
  * that you can do sqlRow() on. Same interface as sqlGetResult,
  * but internally this keeps the entire result in memory. */
 /* --------- input checks to prevent sql injection --------------------------------------- */
-//#define sqlCkIl sqlCheckIdentifiersList
-#define sqlCkIl(fieldsSafe,fields) char fieldsSafe[strlen(fields)+9+1]; \
+#define sqlCkIl(fieldsSafe,fields) char fieldsSafe[strlen(fields)+NOSQLINJ_SIZE+1]; \
     sqlCheckIdentifiersList(fieldsSafe, sizeof fieldsSafe, fields);
 void sqlCheckIdentifiersList(char* buffer, int bufSize, char *identifiers);
 /* Check that only valid identifier characters are used in a comma-separated list.
  * Save safe-marked identifiers list to buf. */
 #define sqlCkId sqlCheckIdentifier
 char *sqlCheckIdentifier(char *identifier);
 /* Check that only valid identifier characters are used */
 // =============================
 int vaSqlSafefNoAbort(char* buffer, int bufSize, boolean newString, char *format, va_list args);
 /* VarArgs Format string to buffer, vsprintf style, only with buffer overflow