From: Alan T. DeKok
Date: Thu, 13 Nov 2025 02:26:06 +0000 (-0500)
Subject: enum names might not be safe for SQL
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9161cffccaf7a9b4af4465e9e6c3fcdd29bdb404;p=thirdparty%2Ffreeradius-server.git

enum names might not be safe for SQL
---

diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c
index 0e37d91601d..fc8245d7d5b 100644
--- a/src/modules/rlm_sql/rlm_sql.c
+++ b/src/modules/rlm_sql/rlm_sql.c
@@ -356,6 +356,32 @@ static int CC_HINT(nonnull(2,3)) sql_xlat_escape(request_t *request, fr_value_bo
 */
 if (fr_value_box_is_safe_for(vb, inst->driver)) return 0;
+ /*
+ * Don't print "::" for enum names. Instead we convert
+ * the box to a string which contains the enum name, and
+ * then see if we need to escape it.
+ */
+ if (vb->enumv && vb->enumv->flags.has_value) {
+ char const *name;
+ name = fr_dict_enum_name_by_value(vb->enumv, vb);
+ if (name) {
+ int rcode;
+ /*
+ * Store list pointers to restore later - fr_value_box_cast clears them
+ */
+ fr_value_box_entry_t entry = vb->entry;
+ rcode = fr_value_box_strdup(vb, vb, NULL, name, false);
+ vb->entry = entry;
+ if (rcode < 0) return rcode;
+ goto check_escape_arg;
+ }
+ }
 /*
 * No need to escape types with inherently safe data
 */
@@ -370,6 +396,7 @@ static int CC_HINT(nonnull(2,3)) sql_xlat_escape(request_t *request, fr_value_bo
 break;
 }
+check_escape_arg:
 if (inst->sql_escape_arg) {
 arg = inst->sql_escape_arg;
 } else if (thread->sql_escape_arg) {
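Review bot: The comment above `fr_value_box_entry_t entry = vb->entry;` in the first hunk names fr_value_box_cast, but the call it guards is `fr_value_box_strdup(vb, vb, NULL, name, false)`; reword it to `Store list pointers to restore later - fr_value_box_strdup re-initialises the box and clears them` so the save/restore rationale matches the code. Two things deserve a second look: the replacement string is allocated with `vb` itself as the talloc context, which is only sound if every box reaching sql_xlat_escape is talloc-allocated (presumably true for xlat argument boxes, but nothing in the hunk states it), and if the incoming box already held a heap-backed value (an enumerated string attribute, say) that buffer is not released before the box is overwritten, so it may leak unless it was parented by vb. Passing tainted=false is consistent with `name` coming from the dictionary rather than from request data, and the `goto check_escape_arg` still routes the converted string box through the escape path rather than the "inherently safe" switch, which is the intended outcome of the change. sql_xlat_escape's body starts before the first hunk and continues past the second.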