forked from libusual/libusual
Do not send certain queries to the database. Modify the query to be invalid instead.
1 parent
2c1cb7f
commit e911be8
Showing
4 changed files
with
27 additions
and
0 deletions.
@@ -0,0 +1,8 @@ | ||
#include <usual/blacklisting.h> | ||
|
||
int cf_blacklist = 0; | ||
|
||
int blacklisting(void) | ||
{ | ||
return cf_blacklist; | ||
} |
@@ -0,0 +1,10 @@ | ||
#ifndef _USUAL_BLACKLISTING_H_ | ||
#define _USUAL_BLACKLISTING_H_ | ||
|
||
#include <usual/base.h> | ||
|
||
extern int cf_blacklist; | ||
|
||
int blacklisting(void); | ||
|
||
#endif |
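Review bot: `cf_blacklist` and `blacklisting()` are exported with no comment saying what a non-zero value switches on, and nothing in the visible sections shows where the flag gets set. A short comment above the declaration would do, e.g. `/* Non-zero: safe_send() rewrites outgoing "SELECT COUNT(*) FROM" queries so they fail; defaults to 0 (off). */`. Since the flag changes what is sent on the wire, the comment should also say who is expected to set it.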
|
@@ -25,6 +25,7 @@ | |
|
||
#include <usual/socket.h> | ||
#include <usual/logging.h> | ||
#include <usual/blacklisting.h> | ||
#include <usual/string.h> | ||
#include <usual/time.h> | ||
|
||
|
@@ -69,6 +70,13 @@ int safe_send(int fd, const void *buf, int len, int flags) | |
int res; | ||
char ebuf[128]; | ||
loop: | ||
if (blacklisting()) { | ||
if (memcmp(((char *)buf) + 5, "SELECT COUNT(*) FROM", 20) == 0) { | ||
log_info("Canceling query: '%s'", ((char *)buf) + 5); | ||
memcpy(((char *)buf) + 5, "SELECT 1 FROM 1337;--", 21); | ||
RumataEstor
|
||
} | ||
} | ||
|
||
res = send(fd, buf, len, flags); | ||
if (res < 0 && errno == EINTR) | ||
goto loop; | ||
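Review bot: The block added to safe_send() never consults `len`: `memcmp` reads bytes 5–24 of `buf` and `log_info` prints it with `%s`, so a send shorter than 25 bytes, or a payload with no NUL inside `len`, is read past its end. It also writes through a pointer the signature declares `const void *`, which is undefined if the caller's object really is const, and it runs for every descriptor that passes through safe_send(), with no visible check that the buffer holds a query message. I would guard and bound it with `if (blacklisting() && len >= 26 && memcmp((const char *)buf + 5, "SELECT COUNT(*) FROM", 20) == 0) {` and `log_info("Canceling query: '%.*s'", len - 5, (const char *)buf + 5);`, and apply the rewrite to a private copy rather than the caller's buffer. The match is an exact-case byte prefix, so it should not be relied on as a policy control. safe_send()'s body continues outside the hunk.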
|
What if the original query was exactly 20 characters? This will overwrite the terminating `\0`, which may result in application memory (imagine some sensitive data) being passed through to the database as a query, which may be logged or passed back to the application, eventually revealing that sensitive information.