[PATCH] osmo-msc[master]: sms db: properly quote MSISDN in various SQL queries

Tue, 05 Dec 2017 04:02:57 -0800 

Review at  https://gerrit.osmocom.org/5184

sms db: properly quote MSISDN in various SQL queries

Related: OS#2706
Change-Id: I793a3863e6f4ccbabafc7dabaff97a8c79bbd8e0
---
M src/libmsc/db.c
1 file changed, 18 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/84/5184/1

diff --git a/src/libmsc/db.c b/src/libmsc/db.c
index ca27b6a..eba4b1b 100644
--- a/src/libmsc/db.c
+++ b/src/libmsc/db.c
@@ -836,6 +836,7 @@
        struct gsm_network *net = vsub->vlr->user_ctx;
        dbi_result result;
        struct gsm_sms *sms;
+       char *q_msisdn;
 
        if (!vsub->lu_complete)
                return NULL;
@@ -844,13 +845,16 @@
        if (*vsub->msisdn == '\0')
                return NULL;
 
+       dbi_conn_quote_string_copy(conn, vsub->msisdn, &q_msisdn);
        result = dbi_conn_queryf(conn,
                "SELECT * FROM SMS"
                " WHERE sent IS NULL"
-               " AND dest_addr=%s"
+               " AND dest_addr = %s"
                " AND deliver_attempts <= %u"
                " ORDER BY id LIMIT 1",
-               vsub->msisdn, max_failed);
+               q_msisdn, max_failed);
+       free(q_msisdn);
+
        if (!result)
                return NULL;
 
@@ -872,14 +876,18 @@
 {
        dbi_result result;
        struct gsm_sms *sms;
+       char *q_last_msisdn;
 
+       dbi_conn_quote_string_copy(conn, last_msisdn, &q_last_msisdn);
        result = dbi_conn_queryf(conn,
                "SELECT * FROM SMS"
                " WHERE sent IS NULL"
-               " AND dest_addr > '%s'"
+               " AND dest_addr > %s"
                " AND deliver_attempts <= %u"
                " ORDER BY dest_addr, id LIMIT 1",
-               last_msisdn, max_failed);
+               q_last_msisdn, max_failed);
+       free(q_last_msisdn);
+
        if (!result)
                return NULL;
 
@@ -936,11 +944,16 @@
 int db_sms_delete_by_msisdn(const char *msisdn)
 {
        dbi_result result;
+       char *q_msisdn;
        if (!msisdn || !*msisdn)
                return 0;
+
+       dbi_conn_quote_string_copy(conn, msisdn, &q_msisdn);
        result = dbi_conn_queryf(conn,
                    "DELETE FROM SMS WHERE src_addr=%s OR dest_addr=%s",
-                   msisdn, msisdn);
+                   q_msisdn, q_msisdn);
+       free(q_msisdn);
+
        if (!result) {
                LOGP(DDB, LOGL_ERROR,
                     "Failed to delete SMS for %s\n", msisdn);

-- 
To view, visit https://gerrit.osmocom.org/5184
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I793a3863e6f4ccbabafc7dabaff97a8c79bbd8e0
Gerrit-PatchSet: 1
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofm...@sysmocom.de>

Reply via email to