Re: [libvirt] [PATCH v2 2/3] hyperv: Escape WQL queries

2017-10-17 Thread Ladi Prosek
On Mon, Oct 16, 2017 at 3:58 PM, John Ferlan wrote:
>
>
> On 10/06/2017 02:47 AM, Ladi Prosek wrote:
>> The code was vulnerable to SQL injection. Likely not a security issue due to
>> WMI SQL and other constraints but still lame. For example:
>>
>> virsh # dominfo \"
>>

Re: [libvirt] [PATCH v2 2/3] hyperv: Escape WQL queries

2017-10-16 Thread John Ferlan
On 10/06/2017 02:47 AM, Ladi Prosek wrote:
> The code was vulnerable to SQL injection. Likely not a security issue due to
> WMI SQL and other constraints but still lame. For example:
>
> virsh # dominfo \"
> error: failed to get domain '"'
> error: internal error: SOAP fault during

[libvirt] [PATCH v2 2/3] hyperv: Escape WQL queries

2017-10-06 Thread Ladi Prosek
The code was vulnerable to SQL injection. Likely not a security issue due to WMI SQL and other constraints but still lame. For example:

virsh # dominfo \"
error: failed to get domain '"'
error: internal error: SOAP fault during enumeration: code 's:Sender', subcode