Closed SQL connections can't be used for escaping

author Nick Porter <nick@portercomputing.co.uk>

Tue, 22 Oct 2024 08:30:17 +0000 (09:30 +0100)

committer Nick Porter <nick@portercomputing.co.uk>

Tue, 22 Oct 2024 08:30:17 +0000 (09:30 +0100)
author Nick Porter <nick@portercomputing.co.uk>
Tue, 22 Oct 2024 08:30:17 +0000 (09:30 +0100)
committer Nick Porter <nick@portercomputing.co.uk>
Tue, 22 Oct 2024 08:30:17 +0000 (09:30 +0100)
diff --git a/src/modules/rlm_sql/drivers/rlm_sql_mysql/rlm_sql_mysql.c b/src/modules/rlm_sql/drivers/rlm_sql_mysql/rlm_sql_mysql.c

index 55efd057e0628be8906f63edf90df22c14f73651..b38a036e59f1024f22975dc223edc3a9d244b413 100644 (file)
--- a/src/modules/rlm_sql/drivers/rlm_sql_mysql/rlm_sql_mysql.c
+++ b/src/modules/rlm_sql/drivers/rlm_sql_mysql/rlm_sql_mysql.c
@@ -835,11 +835,18 @@ static int sql_affected_rows(fr_sql_query_t *query_ctx, UNUSED rlm_sql_config_t
         return mysql_affected_rows(conn->sock);
  }
  
-static ssize_t sql_escape_func(UNUSED request_t *request, char *out, size_t outlen, char const *in, void *arg)
+static ssize_t sql_escape_func(request_t *request, char *out, size_t outlen, char const *in, void *arg)
  {
         size_t                  inlen;
         connection_t            *c = talloc_get_type_abort(arg, connection_t);
-       rlm_sql_mysql_conn_t    *conn = talloc_get_type_abort(c->h, rlm_sql_mysql_conn_t);
+       rlm_sql_mysql_conn_t    *conn;
+
+       if ((c->state == CONNECTION_STATE_HALTED) || (c->state == CONNECTION_STATE_CLOSED)) {
+               ROPTIONAL(RERROR, ERROR, "Connection not available for escaping");
+               return -1;
+       }
+
+       conn = talloc_get_type_abort(c->h, rlm_sql_mysql_conn_t);
  
         /* Check for potential buffer overflow */
         inlen = strlen(in);
diff --git a/src/modules/rlm_sql/drivers/rlm_sql_postgresql/rlm_sql_postgresql.c b/src/modules/rlm_sql/drivers/rlm_sql_postgresql/rlm_sql_postgresql.c

index f6bb2bc55eae297e7d95f7aad8b89118b3918e9b..7da0a064c85bd50ba926cd5b1b7168c362891648 100644 (file)
--- a/src/modules/rlm_sql/drivers/rlm_sql_postgresql/rlm_sql_postgresql.c
+++ b/src/modules/rlm_sql/drivers/rlm_sql_postgresql/rlm_sql_postgresql.c
@@ -659,9 +659,16 @@ static ssize_t sql_escape_func(request_t *request, char *out, size_t outlen, cha
  {
         size_t                  inlen, ret;
         connection_t            *c = talloc_get_type_abort(arg, connection_t);
-       rlm_sql_postgres_conn_t *conn = talloc_get_type_abort(c->h, rlm_sql_postgres_conn_t);
+       rlm_sql_postgres_conn_t *conn;
         int                     err;
  
+       if ((c->state == CONNECTION_STATE_HALTED) || (c->state == CONNECTION_STATE_CLOSED)) {
+               ROPTIONAL(RERROR, ERROR, "Connection not available for escaping");
+               return -1;
+       }
+
+       conn = talloc_get_type_abort(c->h, rlm_sql_postgres_conn_t);
+
         /* Check for potential buffer overflow */
         inlen = strlen(in);
         if ((inlen * 2 + 1) > outlen) return 0;
author	Nick Porter <nick@portercomputing.co.uk>
	Tue, 22 Oct 2024 08:30:17 +0000 (09:30 +0100)
committer	Nick Porter <nick@portercomputing.co.uk>
	Tue, 22 Oct 2024 08:30:17 +0000 (09:30 +0100)
src/modules/rlm_sql/drivers/rlm_sql_mysql/rlm_sql_mysql.c		patch \| blob \| blame \| history
src/modules/rlm_sql/drivers/rlm_sql_postgresql/rlm_sql_postgresql.c		patch \| blob \| blame \| history