From: Eric Bollengier <eric@baculasystems.com>
Date: Wed, 6 Jan 2021 12:41:24 +0000 (+0100)
Subject: Fix #7247 About incorrect variable substitution with the query command
X-Git-Tag: Release-11.3.2~936
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e66abc15f5f4ee7f1eace74c46829d90754a7f66;p=thirdparty%2Fbacula.git

Fix #7247 About incorrect variable substitution with the query command

Description:
-----------

The following query.sql file was generating an incorrect SQL command

# 1
:Query to test substitutions
*Enter a
*Enter b
*Enter c
SELECT '%1' as "a", '%2' as "b", '%3' as "c", '%1' as "a", '%2' as "b", '%3' as "c";

Workaround:
----------

Do not reuse variable in the SQL command (add a new one) or tweak SQL to not reuse variables.
---

diff --git a/bacula/src/dird/ua_query.c b/bacula/src/dird/ua_query.c
index 0eb174f2e..c76172849 100644
--- a/bacula/src/dird/ua_query.c
+++ b/bacula/src/dird/ua_query.c
@@ -212,11 +212,13 @@ static POOLMEM *substitute_prompts(UAContext *ua,
                      q += 2;
                      break;
                   }
+                  /* Copy the new input to the subst table */
+                  len = strlen(ua->cmd);
+                  p = (char *)malloc(len * 2 + 1);
+                  db_escape_string(ua->jcr, ua->db, p, ua->cmd, len);
+                  subst[n] = p;
                }
-               len = strlen(ua->cmd);
-               p = (char *)malloc(len * 2 + 1);
-               db_escape_string(ua->jcr, ua->db, p, ua->cmd, len);
-               subst[n] = p;
+               p = subst[n];
                olen = o - new_query;
                new_query = check_pool_memory_size(new_query, olen + strlen(p) + 10);
                o = new_query + olen;