sqlickrypt.c: finish switching to parametrized queries.

sqlickrypt should now be injection-resistant.
John "Elwin" Edwards 2012-06-03 18:26:11 -07:00
parent 41c84bcd40
commit 6ed3b7c2ce


@ -9,26 +9,6 @@
#define DATABASE "/dgldir/dgamelaunch.db" #define DATABASE "/dgldir/dgamelaunch.db"
#define IBUFSIZE 200 #define IBUFSIZE 200
int xcallback(void *targ, int ncols, char **vals, char **colnames) {
char *pws;
int j;
pws = *((char **) targ);
if (pws == NULL) {
for (j = 0; j < ncols; j++) {
if (!strcmp(colnames[j], "password"))
*((char **) targ) = strdup(vals[j]);
}
}
/* Otherwise, this isn't the first row. */
return 0;
}
/* Simple callback, for checking if there are any matches. */
int searchcallback(void *targ, int ncols, char **vals, char **colnames) {
*((int *) targ) = 1;
return 0;
}
int check(char *uname, char *pw) { int check(char *uname, char *pw) {
char *pwhash, *comphash; char *pwhash, *comphash;
char *query = "SELECT password FROM dglusers WHERE username=?;"; char *query = "SELECT password FROM dglusers WHERE username=?;";
@ -76,33 +56,55 @@ int check(char *uname, char *pw) {
} }
int insertuser(char *uname, char *pw, char *email) { int insertuser(char *uname, char *pw, char *email) {
char finduser_sql[160]; char *checkquery = "SELECT * FROM dglusers WHERE username = ?;";
char *addquery = "INSERT INTO dglusers (username, password, email) VALUES (?, ?, ?);";
int status; int status;
sqlite3 *db; sqlite3 *db;
sqlite3_stmt *qstmt;
strcpy(finduser_sql, "BEGIN; SELECT * FROM dglusers WHERE username='");
strncat(finduser_sql, uname, 40);
strcat(finduser_sql, "';");
status = sqlite3_open(DATABASE, &db); status = sqlite3_open(DATABASE, &db);
if (status) { if (status) {
sqlite3_close(db); sqlite3_close(db);
return 1; return 3;
} }
status = 0; /* Check for existing account in the same transaction with creating it. */
sqlite3_exec(db, finduser_sql, searchcallback, (void *) &status, NULL); status = sqlite3_exec(db, "BEGIN;", NULL, NULL, NULL);
if (!status) { if (status) {
/* FIXME This is ugly, and email is unsanitzed. */ sqlite3_close(db);
strcpy(finduser_sql, "INSERT INTO dglusers (username, password, email) VALUES ('"); return 3;
strncat(finduser_sql, uname, 20);
strcat(finduser_sql, "', '");
strcat(finduser_sql, crypt(pw, pw));
strcat(finduser_sql, "', '");
strncat(finduser_sql, email, 40);
strcat(finduser_sql, "');");
sqlite3_exec(db, finduser_sql, NULL, NULL, NULL);
} }
sqlite3_exec(db, "COMMIT;", NULL, NULL, NULL); sqlite3_prepare_v2(db, checkquery, -1, &qstmt, NULL);
if (qstmt == NULL) {
sqlite3_close(db);
return 3;
}
sqlite3_bind_text(qstmt, 1, uname, -1, SQLITE_TRANSIENT);
status = sqlite3_step(qstmt);
if (status != SQLITE_DONE) {
sqlite3_finalize(qstmt);
sqlite3_close(db);
if (status == SQLITE_ROW)
return 1; /* User already exists */
return 3;
}
/* The username doesn't exist yet, so create a new account. */
sqlite3_finalize(qstmt);
sqlite3_prepare_v2(db, addquery, -1, &qstmt, NULL);
if (qstmt == NULL) {
sqlite3_close(db);
return 3;
}
sqlite3_bind_text(qstmt, 1, uname, -1, SQLITE_TRANSIENT);
sqlite3_bind_text(qstmt, 2, strdup(crypt(pw, pw)), -1, free);
sqlite3_bind_text(qstmt, 3, email, -1, SQLITE_TRANSIENT);
status = sqlite3_step(qstmt);
if (status != SQLITE_DONE) {
sqlite3_finalize(qstmt);
sqlite3_close(db);
return 3;
}
status = sqlite3_exec(db, "COMMIT;", NULL, NULL, NULL);
sqlite3_finalize(qstmt);
sqlite3_close(db); sqlite3_close(db);
return status; return status;
} }
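Review bot: The password bind `sqlite3_bind_text(qstmt, 2, strdup(crypt(pw, pw)), -1, free);` in insertuser passes crypt()'s result straight to strdup(), but crypt() can return NULL (for example when the salt characters are not in its accepted alphabet), and strdup(NULL) is undefined. If strdup() itself fails, SQLite binds SQL NULL, so unless the column is declared NOT NULL the account is created with no password hash. Hashing into a local, checking it, and binding with SQLITE_TRANSIENT (SQLite copies crypt()'s static buffer at bind time) removes both cases; it needs a `char *pwhash;` declaration at the top of insertuser. Separately, `crypt(pw, pw)` still derives the salt from the password itself, which with the traditional DES scheme leaves the first two password characters readable in the stored hash. A random salt would fix that, provided check() (its body is not visible here) verifies with the stored hash as the salt.

```c
    sqlite3_bind_text(qstmt, 1, uname, -1, SQLITE_TRANSIENT);
    pwhash = crypt(pw, pw);
    if (pwhash == NULL) {
        /* Hashing failed: do not create an account without a usable hash. */
        sqlite3_finalize(qstmt);
        sqlite3_close(db);
        return 3;
    }
    sqlite3_bind_text(qstmt, 2, pwhash, -1, SQLITE_TRANSIENT);
    /* … unchanged: bind email, step, COMMIT, finalize, close … */
```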