Permalink
Browse files

FR-AD-003 - Pass correct statement length into sqlite3_prepare[_v2]

  • Loading branch information...
arr2036 authored and alandekok committed Jul 5, 2017
1 parent a1eccee commit 62f7d2885ad02911f0ae71e7864d4805a489137b
Showing with 6 additions and 8 deletions.
  1. +6 −8 src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c
@@ -233,7 +233,7 @@ static int sql_loadfile(TALLOC_CTX *ctx, sqlite3 *db, char const *filename)
ssize_t len;
int statement_cnt = 0;
char *buffer;
char *p, *q, *s;
char *p, *q;
int cl;
FILE *f;
struct stat finfo;
@@ -321,20 +321,18 @@ static int sql_loadfile(TALLOC_CTX *ctx, sqlite3 *db, char const *filename)
/*
* Statement delimiter is ;\n
*/
s = p = buffer;
p = buffer;
while ((q = strchr(p, ';'))) {
if (q[1] != '\n') {
if ((q[1] != '\n') && (q[1] != '\0')) {
p = q + 1;
statement_cnt++;
continue;
}

*q = '\0';

#ifdef HAVE_SQLITE3_PREPARE_V2
status = sqlite3_prepare_v2(db, s, len, &statement, &z_tail);
status = sqlite3_prepare_v2(db, p, q - p, &statement, &z_tail);
#else
status = sqlite3_prepare(db, s, len, &statement, &z_tail);
status = sqlite3_prepare(db, p, q - p, &statement, &z_tail);
#endif

if (sql_check_error(db, status) != RLM_SQL_OK) {
@@ -359,7 +357,7 @@ static int sql_loadfile(TALLOC_CTX *ctx, sqlite3 *db, char const *filename)
}

statement_cnt++;
p = s = q + 1;
p = q + 1;
}

talloc_free(buffer);

0 comments on commit 62f7d28

Please sign in to comment.