[OpenSIPS-Devel] [opensips] db_sqlite3 sql statements not escaped (#473)

Jarrod Baumann notifications at github.com
Thu Apr 23 16:03:07 CEST 2015


This prevented the core dump:

```
diff --git a/modules/db_sqlite/val.c b/modules/db_sqlite/val.c
index ebd5afe..4234f2a 100644
--- a/modules/db_sqlite/val.c
+++ b/modules/db_sqlite/val.c
@@ -99,8 +99,8 @@ int db_sqlite_val2str(const db_con_t* _c, const db_val_t* _v, char
                }
                else
                {
-                       sqlite3_snprintf(SQL_BUF_LEN, _s, "'%*q'",
-                                               VAL_STRING(_v));
+                       sqlite3_snprintf(SQL_BUF_LEN, _s, "'%.*q'",
+                                               l, VAL_STRING(_v));
                        *_len = strlen(_s);
                        _s += strlen(_s);
```
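Review bot: in the added `sqlite3_snprintf(SQL_BUF_LEN, _s, "'%.*q'", l, VAL_STRING(_v))` call, the `*` precision consumes an `int` from the varargs, and the declaration and assignment of `l` are outside this hunk. Please confirm that `l` is an `int` holding the string length at this point, or cast it with `(int)l`. A wider or unset value would reintroduce the kind of argument mismatch the removed `'%*q'` line had, where `*` had no matching argument. If `VAL_STRING(_v)` is NUL-terminated, a plain `'%q'` would avoid the dependency on `l` altogether. Separately, the write is bounded by `SQL_BUF_LEN` and `sqlite3_snprintf` truncates silently, so a long value can lose its closing quote. Checking the resulting length against the bound before `*_len = strlen(_s);` would let the function return an error instead of emitting a cut-off literal.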

---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/473#issuecomment-95596371