[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r5336 - in trunk/OpenDNSSEC: . enforcer/ksm enforcer/ksm/include/ksm enforcer/test/cunit

Sion Lloyd sion at nominet.org.uk
Fri Jul 15 14:53:09 CEST 2011


Author: sion
Date: 2011-07-15 14:53:09 +0200 (Fri, 15 Jul 2011)
New Revision: 5336

Modified:
   trunk/OpenDNSSEC/NEWS
   trunk/OpenDNSSEC/enforcer/ksm/database_support_lite.c
   trunk/OpenDNSSEC/enforcer/ksm/database_support_mysql.c
   trunk/OpenDNSSEC/enforcer/ksm/dq_string.c
   trunk/OpenDNSSEC/enforcer/ksm/du_string.c
   trunk/OpenDNSSEC/enforcer/ksm/include/ksm/database.h
   trunk/OpenDNSSEC/enforcer/ksm/ksm_import.c
   trunk/OpenDNSSEC/enforcer/ksm/ksm_policy.c
   trunk/OpenDNSSEC/enforcer/test/cunit/test_dd_string.c
   trunk/OpenDNSSEC/enforcer/test/cunit/test_dq_string.c
   trunk/OpenDNSSEC/enforcer/test/cunit/test_du_string.c
Log:
Quote special characters using the DB engine's own routines. We only do this for the policy description. Pivotal story 12784455; trac tickets 137 & 232.


Modified: trunk/OpenDNSSEC/NEWS
===================================================================
--- trunk/OpenDNSSEC/NEWS	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/NEWS	2011-07-15 12:53:09 UTC (rev 5336)
@@ -13,6 +13,7 @@
   daemon output intermittently.
 * Signer Engine: Also replace DNSKEYs if <DNSKEY><TTL> has changed in policy.
 * ods-ksmutil: "update kasp" now reflects changes in policy descriptions.
+* ods-ksmutil: Policy descriptions now have special characters quoted.
 
 
 OpenDNSSEC 1.3.0rc1 - 2011-04-21

Modified: trunk/OpenDNSSEC/enforcer/ksm/database_support_lite.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/database_support_lite.c	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/enforcer/ksm/database_support_lite.c	2011-07-15 12:53:09 UTC (rev 5336)
@@ -474,3 +474,42 @@
 
 	return (*id != 0) ? 0 : DBS_NOSUCHROW;
 }
+
+/*+
+ * DbQuoteString - Return quoted version of the input string
+ *
+ * Description:
+ * 		Return quoted version of the input string
+ *
+ * Arguments:
+ * 		DB_HANDLE handle
+ * 			Handle to the database connection. (not used, but needed for MySQL
+ *			version).
+ *
+ * 		const char* in
+ * 			String to quote
+ *
+ * 		char* buffer
+ * 			Quoted string
+ *
+ * Returns:
+ * 		int
+ * 			Status return
+ *
+ * 				0		Success
+ * 				Other	Error code.  An error message will have been output.
+-*/
+
+int DbQuoteString(DB_HANDLE handle, const char* in, char* buffer, size_t buflen)
+{
+
+	char*	data = NULL;	/* Data from sqlite quote fn. */
+
+    if (in == NULL) {
+        return MsgLog(DBS_INVARG, "NULL input string to DbQuoteString");
+    }
+
+	sqlite3_snprintf(buflen, buffer, "%q", in);
+
+	return ( strlen(buffer) == 0 ) ? 1 : 0;
+}
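Review bot: The final `return ( strlen(buffer) == 0 ) ? 1 : 0;` in the added DbQuoteString reports an error for a legitimately empty input and does not notice truncation. sqlite3_snprintf stops at buflen-1 bytes, which may cut a doubled `''` in half and leave a lone quote at the end of a value that is later placed inside a single-quoted SQL literal. Building the escaped text with sqlite3_mprintf and comparing its length with buflen before copying avoids both problems, as sketched below. In addition, `buffer` is never checked for NULL, the local `data` is unused, the failure path returns 1 without the message the header comment promises, and `buflen` is missing from the Arguments list.

```c
int DbQuoteString(DB_HANDLE handle, const char* in, char* buffer, size_t buflen)
{
	char*	data = NULL;	/* Data from sqlite quote fn. */
	size_t	length = 0;		/* Length of the quoted string */

	/* … unchanged: NULL check on "in" … */

	if (buffer == NULL || buflen == 0) {
		return MsgLog(DBS_INVARG, "NULL output buffer to DbQuoteString");
	}

	data = sqlite3_mprintf("%q", in);
	if (data == NULL) {
		return 1;	/* allocation failed */
	}

	length = strlen(data);
	if (length >= buflen) {
		sqlite3_free(data);
		return MsgLog(DBS_INVARG, "Quoted string too long in DbQuoteString");
	}

	memcpy(buffer, data, length + 1);
	sqlite3_free(data);

	return 0;
}
```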

Modified: trunk/OpenDNSSEC/enforcer/ksm/database_support_mysql.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/database_support_mysql.c	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/enforcer/ksm/database_support_mysql.c	2011-07-15 12:53:09 UTC (rev 5336)
@@ -468,3 +468,42 @@
 
 	return (*id != 0) ? 0 : DBS_NOSUCHROW;
 }
+
+/*+
+ * DbQuoteString - Return quoted version of the input string
+ *
+ * Description:
+ * 		Return quoted version of the input string
+ *
+ * Arguments:
+ * 		DB_HANDLE handle
+ * 			Handle to the database connection. (MySQL checks character set of
+ *												current connection).
+ *
+ * 		const char* in
+ * 			String to quote
+ *
+ * 		char* buffer
+ * 			Quoted string
+ *
+ * Returns:
+ * 		int
+ * 			Status return
+ *
+ * 				0		Success
+ * 				Other	Error code.  An error message will have been output.
+-*/
+
+int DbQuoteString(DB_HANDLE handle, const char* in, char* buffer, size_t buflen)
+{
+
+	unsigned long	length = 0;
+
+    if (in == NULL) {
+        return MsgLog(DBS_INVARG, "NULL input string to DbQuoteString");
+    }
+
+	length = mysql_real_escape_string((MYSQL*) handle, buffer, in, (unsigned long) strlen(in));
+
+	return ( length <= buflen ) ? 0 : 1;
+}
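Review bot: mysql_real_escape_string writes into `buffer` before any size check, and the `length <= buflen` test afterwards cannot undo a write past the end of the buffer; the API needs room for up to 2*strlen(in)+1 bytes. Add a guard before the call, for example `if (buffer == NULL || buflen == 0 || strlen(in) > (buflen - 1) / 2) return MsgLog(DBS_INVARG, "Output buffer too small in DbQuoteString");`. The final comparison should also be `length < buflen`, because the returned length does not count the terminating NUL. As in the SQLite version, the non-zero return is not logged and `buflen` is missing from the Arguments comment.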

Modified: trunk/OpenDNSSEC/enforcer/ksm/dq_string.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/dq_string.c	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/enforcer/ksm/dq_string.c	2011-07-15 12:53:09 UTC (rev 5336)
@@ -243,9 +243,9 @@
     StrAppend(query, (index == 0) ? " WHERE " : " AND ");
     StrAppend(query, field);
     DqsAppendComparison(query, compare);
-    StrAppend(query, "\"");
+    StrAppend(query, "'");
     StrAppend(query, value);
-    StrAppend(query, "\"");
+    StrAppend(query, "'");
 
     return;
 }
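Review bot: `value` is still appended verbatim between the new single quotes, so any string containing `'` ends the literal early; per the log message only the policy description is passed through DbQuoteString. The same applies to `data` in the du_string.c hunk. Until the other callers are converted, state the contract at the function: `/* value is appended as-is: it must already be escaped with DbQuoteString() */`. The enclosing function starts outside this hunk, so whether `value` is validated earlier is not visible here.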

Modified: trunk/OpenDNSSEC/enforcer/ksm/du_string.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/du_string.c	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/enforcer/ksm/du_string.c	2011-07-15 12:53:09 UTC (rev 5336)
@@ -122,9 +122,9 @@
     StrAppend(sql, " = ");
 
     if (data) {
-        StrAppend(sql, "\"");
+        StrAppend(sql, "'");
         StrAppend(sql, data);
-        StrAppend(sql, "\"");
+        StrAppend(sql, "'");
     }
     else {
         StrAppend(sql, "NULL");

Modified: trunk/OpenDNSSEC/enforcer/ksm/include/ksm/database.h
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/include/ksm/database.h	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/enforcer/ksm/include/ksm/database.h	2011-07-15 12:53:09 UTC (rev 5336)
@@ -145,6 +145,9 @@
 int DbCommit(void);
 int DbRollback(void);
 
+/* Utility "quote" function */
+int DbQuoteString(DB_HANDLE handle, const char* in, char* buffer, size_t buflen);
+
 /* What sort of DB are we running */
 
 int DbFlavour(void);
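Review bot: The one-line comment `/* Utility "quote" function */` does not give callers the sizing rule they need for `buffer`, and this header is where that contract should live. Suggest `/* Escape 'in' for use inside a single-quoted SQL string; 'buffer' must hold the result plus NUL (MySQL needs up to 2*strlen(in)+1 bytes). Returns 0 on success. */`.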

Modified: trunk/OpenDNSSEC/enforcer/ksm/ksm_import.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/ksm_import.c	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/enforcer/ksm/ksm_import.c	2011-07-15 12:53:09 UTC (rev 5336)
@@ -151,15 +151,24 @@
     char*       sql = NULL;     /* SQL query */
     int         status = 0;     /* Status return */
 
+	char        quoted_desc[KSM_POLICY_DESC_LENGTH];   /* with bad chars quoted */
+
     /* check the main argument (description may be NULL) */
     if (policy_name == NULL) {
         return MsgLog(KSM_INVARG, "NULL policy name");
     }
 
+	/* Quote description */
+    status = DbQuoteString(DbHandle(), policy_description, quoted_desc, KSM_POLICY_DESC_LENGTH);
+
+	if (status != 0) {
+		return status;
+	}
+
     /* Insert policy */
     sql = DisSpecifyInit("policies", "name, description");
     DisAppendString(&sql, policy_name);
-    DisAppendString(&sql, policy_description);
+    DisAppendString(&sql, quoted_desc);
     DisEnd(&sql);
 
     status = DbExecuteSqlNoResult(DbHandle(), sql);
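Review bot: `quoted_desc` is declared with `KSM_POLICY_DESC_LENGTH` bytes, which looks like the limit for the unescaped description, so an input near that limit can grow past the buffer once quotes are doubled or backslash-escaped; `char quoted_desc[2 * KSM_POLICY_DESC_LENGTH + 1];` with `sizeof(quoted_desc)` as the length argument leaves room for the worst case. The retained comment says the description may be NULL, yet DbQuoteString returns DBS_INVARG for a NULL input, so a policy without a description is now rejected; skip the quoting when `policy_description == NULL` if DisAppendString accepts NULL (not visible here). `policy_name` still goes into the statement unescaped. The second hunk in ksm_policy.c has the same buffer size and NULL handling. The function starts and ends outside this hunk.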

Modified: trunk/OpenDNSSEC/enforcer/ksm/ksm_policy.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/ksm_policy.c	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/enforcer/ksm/ksm_policy.c	2011-07-15 12:53:09 UTC (rev 5336)
@@ -617,7 +617,7 @@
             /* write these back to the database */
 #ifdef USE_MYSQL
             nchar = snprintf(buffer, sizeof(buffer),
-                    "UPDATE policies SET salt = '%s', salt_stamp = \"%s\" WHERE ID = %lu",
+                    "UPDATE policies SET salt = '%s', salt_stamp = '%s' WHERE ID = %lu",
                     policy->denial->salt, policy->denial->salt_stamp, (unsigned long) policy->id);
 #else
             nchar = snprintf(buffer, sizeof(buffer),
@@ -921,14 +921,22 @@
     char*       sql = NULL;     /* SQL query */
     int         status = 0;     /* Status return */
 
+	char        quoted_desc[KSM_POLICY_DESC_LENGTH];   /* with bad chars quoted */
     /* check the main argument (description may be NULL) */
     if (policy_id <= 0) {
         return MsgLog(KSM_INVARG, "NULL policy id");
     }
 
-    /* Insert policy */
+	/* Quote description */
+    status = DbQuoteString(DbHandle(), policy_description, quoted_desc, KSM_POLICY_DESC_LENGTH);
+
+	if (status != 0) {
+		return status;
+	}
+
+    /* Update policy */
     sql = DusInit("policies");
-	DusSetString(&sql, "description", policy_description, 0);
+	DusSetString(&sql, "description", quoted_desc, 0);
 	DusConditionInt(&sql, "id", DQS_COMPARE_EQ, policy_id, 0);
     DusEnd(&sql);
 

Modified: trunk/OpenDNSSEC/enforcer/test/cunit/test_dd_string.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/test/cunit/test_dd_string.c	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/enforcer/test/cunit/test_dd_string.c	2011-07-15 12:53:09 UTC (rev 5336)
@@ -113,9 +113,9 @@
 	char*	sql = NULL;
 	int		clause = 0;
 	static const char* TEST = 
-		"DELETE FROM TEST WHERE ALPHA < \"PETER\" AND BETA <= \"PIPER\" "
-		"AND GAMMA = \"PICKED\" AND DELTA != \"A\" AND EPSILON >= \"PECK\" "
-		"AND ZETA > \"OF\"";
+		"DELETE FROM TEST WHERE ALPHA < 'PETER' AND BETA <= 'PIPER' "
+		"AND GAMMA = 'PICKED' AND DELTA != 'A' AND EPSILON >= 'PECK' "
+		"AND ZETA > 'OF'";
 
 	sql = DdsInit("TEST");
 	DdsConditionString(&sql, "ALPHA", DQS_COMPARE_LT, "PETER", clause++);

Modified: trunk/OpenDNSSEC/enforcer/test/cunit/test_dq_string.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/test/cunit/test_dq_string.c	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/enforcer/test/cunit/test_dq_string.c	2011-07-15 12:53:09 UTC (rev 5336)
@@ -119,9 +119,9 @@
 	char*	sql = NULL;
 	int		clause = 0;
 	static const char* TEST = 
-		"SELECT * FROM TEST WHERE ALPHA < \"PETER\" AND BETA <= \"PIPER\" "
-		"AND GAMMA = \"PICKED\" AND DELTA != \"A\" AND EPSILON >= \"PECK\" "
-		"AND ZETA > \"OF\"";
+		"SELECT * FROM TEST WHERE ALPHA < 'PETER' AND BETA <= 'PIPER' "
+		"AND GAMMA = 'PICKED' AND DELTA != 'A' AND EPSILON >= 'PECK' "
+		"AND ZETA > 'OF'";
 
 	sql = DqsInit("TEST");
 	DqsConditionString(&sql, "ALPHA", DQS_COMPARE_LT, "PETER", clause++);

Modified: trunk/OpenDNSSEC/enforcer/test/cunit/test_du_string.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/test/cunit/test_du_string.c	2011-07-15 12:25:19 UTC (rev 5335)
+++ trunk/OpenDNSSEC/enforcer/test/cunit/test_du_string.c	2011-07-15 12:53:09 UTC (rev 5336)
@@ -108,7 +108,7 @@
 	DusSetString(&sql, "ALPHA", "XYZZY", set++);
 	DusEnd(&sql);
 
-	CU_ASSERT_STRING_EQUAL(sql, "UPDATE TEST SET ALPHA = \"XYZZY\"");
+	CU_ASSERT_STRING_EQUAL(sql, "UPDATE TEST SET ALPHA = 'XYZZY'");
 	DusFree(sql);
 
 	/* Check a single string update of a NULL value */
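Review bot: The updated expectations only cover values without special characters, so nothing here exercises the quoting this commit introduces. Add a case next to this one that runs a string containing `'` through DbQuoteString and then DusSetString and checks the escaped quote in the resulting SQL, plus one for an input that does not fit the output buffer. The hunks in test_dd_string.c and test_dq_string.c are in the same position.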
@@ -130,7 +130,7 @@
 	DusEnd(&sql);
 
 	CU_ASSERT_STRING_EQUAL(sql,
-		"UPDATE TEST SET ALPHA = \"XYZZY\", BETA = NULL");
+		"UPDATE TEST SET ALPHA = 'XYZZY', BETA = NULL");
 	DusFree(sql);
 
 	return;
@@ -184,9 +184,9 @@
 	int		where = 0;
 	static const char* TEST = 
 		"UPDATE TEST SET ALPHA = 0 "
-		"WHERE ALPHA < \"PETER\" AND BETA <= \"PIPER\" "
-		"AND GAMMA = \"PICKED\" AND DELTA != \"A\" AND EPSILON >= \"PECK\" "
-		"AND ZETA > \"OF\"";
+		"WHERE ALPHA < 'PETER' AND BETA <= 'PIPER' "
+		"AND GAMMA = 'PICKED' AND DELTA != 'A' AND EPSILON >= 'PECK' "
+		"AND ZETA > 'OF'";
 
 	sql = DusInit("TEST");
 	DusSetInt(&sql, "ALPHA", 0, set++);
@@ -219,14 +219,14 @@
 	int		set = 0;
 	int		where = 0;
 	static const char* TEST = 
-		"UPDATE TEST SET ALPHA = 0, BETA = \"GIMMEL\" WHERE ALPHA IN (1, 2, 3) "
-		"AND BETA IN (\"ALEPH\", \"BETH\")";
+		"UPDATE TEST SET ALPHA = 0, BETA = 'GIMMEL' WHERE ALPHA IN (1, 2, 3) "
+		"AND BETA IN ('ALEPH', 'BETH')";
 
 	sql = DusInit("TEST");
 	DusSetInt(&sql, "ALPHA", 0, set++);
 	DusSetString(&sql, "BETA", "GIMMEL", set++);
 	DusConditionKeyword(&sql, "ALPHA", DQS_COMPARE_IN, "(1, 2, 3)", where++);
-	DusConditionKeyword(&sql, "BETA", DQS_COMPARE_IN, "(\"ALEPH\", \"BETH\")",
+	DusConditionKeyword(&sql, "BETA", DQS_COMPARE_IN, "('ALEPH', 'BETH')",
 		where++);
 	DusEnd(&sql);
 



