author | Sameer Prakash Pradhan <sp.pradhan@samsung.com> | 2018-05-28 17:24:44 +0530 |
---|---|---|
committer | Sameer Prakash Pradhan <sp.pradhan@samsung.com> | 2018-05-28 17:24:44 +0530 |
commit | 1e48124e2c21e077017a0e008d02878faa9b7f7e (patch) | |
tree | 1978b7d556c5d4d379e0812f5c951e125facab83 | |
parent | ff219c8bf4883c70ff3224769fc615626b7969c8 (diff) | |
[Non-ACR][email-service][sql injection fix]
Change-Id: I8ea05e4e0eaccf48a3120dadc8439fdef0cbc19d
Signed-off-by: Sameer Prakash Pradhan <sp.pradhan@samsung.com>
-rwxr-xr-x | email-core/email-storage/email-storage.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/email-core/email-storage/email-storage.c b/email-core/email-storage/email-storage.c
index bb86c67..336d830 100755
--- a/email-core/email-storage/email-storage.c
+++ b/email-core/email-storage/email-storage.c
@@ -1481,24 +1481,25 @@ static int emstorage_exec_query_by_prepare_v2_stmt(sqlite3 *local_db_handle, cha
 EMSTORAGE_PROTECTED_FUNC_CALL(sqlite3_prepare_v2(local_db_handle, query_string, EM_SAFE_STRLEN(query_string), &db_statement, NULL), rc);
- _bind_stmt_field_data_string(db_statement, count++, target_mailbox_name, 0, EM_SAFE_STRLEN(target_mailbox_name)-1);
+ EM_DEBUG_DB_EXEC((SQLITE_OK != rc), {error = EMAIL_ERROR_DB_FAILURE; goto FINISH_OFF; },
+ ("sqlite3_prepare_stmt failed [%d] [%s]", rc, query_string));
+
+ _bind_stmt_field_data_string(db_statement, count++, target_mailbox_name, 0, MAILBOX_NAME_LEN_IN_MAIL_BOX_TBL);
 _bind_stmt_field_data_int(db_statement, count++, input_mailbox_id);
 _bind_stmt_field_data_int(db_statement, count++, target_account_id);
- EM_DEBUG_DB_EXEC((SQLITE_OK != rc), {error = EMAIL_ERROR_DB_FAILURE; goto FINISH_OFF; },
- ("sqlite3_prepare failed [%d] [%s]", rc, query_string));
 EMSTORAGE_PROTECTED_FUNC_CALL(sqlite3_step(db_statement), rc);
 EM_DEBUG_DB_EXEC((rc != SQLITE_ROW && rc != SQLITE_DONE), {error = EMAIL_ERROR_DB_FAILURE; goto FINISH_OFF; },
- ("sqlite3_step failed [%d] [%s]", rc, query_string));
+ ("sqlite3_step_stmt failed [%d] [%s]", rc, query_string));
 FINISH_OFF:
 if (db_statement != NULL) {
 rc = sqlite3_finalize(db_statement);
 if (rc != SQLITE_OK) {
- EM_DEBUG_EXCEPTION("sqlite3_finalize error [%d]", rc);
+ EM_DEBUG_EXCEPTION("sqlite3_finalize_stmt error [%d]", rc);
 error = EMAIL_ERROR_DB_FAILURE;
 }
 }
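Review bot: The three `_bind_stmt_field_data_*` calls on the new side are still made without looking at any result, so a failed bind would go on to `sqlite3_step` with that parameter unbound, which SQLite treats as NULL. If those helpers return the sqlite3 result code (their definitions are outside this hunk), each call deserves the same `EM_DEBUG_DB_EXEC((SQLITE_OK != rc), {error = EMAIL_ERROR_DB_FAILURE; goto FINISH_OFF; }, ...)` check that now follows `sqlite3_prepare_v2`. The last argument of the string bind is now the constant `MAILBOX_NAME_LEN_IN_MAIL_BOX_TBL` rather than a length taken from the string; a comment such as `/* last arg is a cap: the helper clamps to the actual string length (confirm) */` would record that it is an upper bound, because a value passed straight through as a byte count could read past the end of a shorter `target_mailbox_name`, and a cap would silently truncate a longer one. The function begins before the hunk, so the initial value of `count` and the declaration of `rc` are not visible here.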
@@ -9991,7 +9992,7 @@ INTERNAL_FUNC int emstorage_move_multiple_mails_on_db(char *multi_user_name, int
 EM_DEBUG_LOG_SEC("Query [%s]", sql_query_string);
 error = emstorage_exec_query_by_prepare_v2_stmt(local_db_handle, sql_query_string, target_mailbox_name, input_mailbox_id, target_account_id);
 if (error != EMAIL_ERROR_NONE) {
- EM_DEBUG_EXCEPTION("emstorage_exec_query_by_prepare_v2 failed:[%d]", error);
+ EM_DEBUG_EXCEPTION("emstorage_exec_query_by_prepare_v2_stmt failed:[%d]", error);
 goto FINISH_OFF;
 } |