Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 58267 Details for
Bug 91736
net-dialup/freeradius RLM_SQL.C SQL Multiple Vulnerabilities
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
xtradius: sql injection in authmysql
xtradius.patch (text/plain), 664 bytes, created by
Adir Abraham
on 2005-05-07 05:35:02 UTC
(
hide
)
Description:
xtradius: sql injection in authmysql
Filename:
MIME Type:
Creator:
Adir Abraham
Created:
2005-05-07 05:35:02 UTC
Size:
664 bytes
patch
obsolete
>diff -Nru /tmp/4fCGVl7C4o/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c /tmp/pjjbxPhZcv/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c >--- /tmp/4fCGVl7C4o/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c 2002-03-02 15:45:02.000000000 +0000 >+++ /tmp/pjjbxPhZcv/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c 2005-05-06 07:27:23.639379832 +0000 >@@ -61,9 +61,12 @@ > > */ > >+ if (strstr(argv[1], "'") == NULL){ > command_length = strlen(SQL_SELECT) + strlen(argv[1]) + strlen(argv[2]); > command = (char *) malloc(command_length*sizeof(char)); > sprintf(command,SQL_SELECT,argv[1]); >+ } >+ else exit(-1); > > > /*
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 91736
: 58267