Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Analyze query does not escape input [security] #4021

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Closed

Analyze query does not escape input [security] #4021

monetdb-team opened this issue Nov 30, 2020 · 0 comments

Comments

@monetdb-team
Copy link

@monetdb-team monetdb-team commented Nov 30, 2020

Date: 2016-06-08 21:38:56 +0200
From: @skinkie
To: SQL devs <>
Version: 11.21.19 (Jul2015-SP4)

Last updated: 2016-07-22 09:56:07 +0200

Comment 22200

Date: 2016-06-08 21:38:56 +0200
From: @skinkie

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/49.0.2623.108 Chrome/49.0.2623.108 Safari/537.36
Build Identifier:

ANALYZE sys.kv17_20151208;
!42000!syntax error, unexpected IDENT, expecting ')' or ',' in: "insert into sys.statistics values(15725,'clob',2,now(),23031,23031,21,0,'"'s"

Reproducible: Always

MonetDB 5 server v11.24.0 (64-bit, 64-bit oids, 128-bit integers)
This is an unreleased version
Copyright (c) 1993-July 2008 CWI
Copyright (c) August 2008-2016 MonetDB B.V., all rights reserved
Visit http://www.monetdb.org/ for further information
Found 62.8GiB available memory, 8 available cpu cores
Libraries:
libpcre: 8.38 2015-11-23 (compiled with 8.38)
openssl: OpenSSL 1.0.2h 3 May 2016 (compiled with OpenSSL 1.0.2h 3 May 2016)
libxml2: 2.9.4 (compiled with 2.9.4)
Compiled by: skinkie@chamechaude (x86_64-pc-linux-gnu)
Compilation: gcc -O3 -pipe -Werror -Wall -Wextra -W -Werror-implicit-function-declaration -Wpointer-arith -Wdeclaration-after-statement -Wundef -Wformat=2 -Wno-format-nonliteral -Winit-self -Winvalid-pch -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wold-style-definition -Wpacked -Wunknown-pragmas -Wvariadic-macros -fstack-protector-all -Wstack-protector -Wpacked-bitfield-compat -Wsync-nand -Wjump-misses-init -Wmissing-include-dirs -Wlogical-op -Wunreachable-code
Linking : /usr/x86_64-pc-linux-gnu/bin/ld -m elf_x86_64

Marking this as critical because it seems that someone inserting the correct content might be able to temper with escaping.

Comment 22228

Date: 2016-07-05 15:34:12 +0200
From: MonetDB Mercurial Repository <>

Changeset 1572a42868fa made by Sjoerd Mullender sjoerd@acm.org in the MonetDB repo, refers to this bug.

For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=1572a42868fa

Changeset description:

Create and use a variant of strToStr to convert value for inclusion in SQL query.
This fixes bug #4021.

Comment 22229

Date: 2016-07-05 15:42:50 +0200
From: MonetDB Mercurial Repository <>

Changeset f94345f8e81b made by Sjoerd Mullender sjoerd@acm.org in the MonetDB repo, refers to this bug.

For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=f94345f8e81b

Changeset description:

Test for bug #4021.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant