diff options
-rw-r--r-- | src/modules/extra/m_mssql.cpp | 96 | ||||
-rw-r--r-- | src/modules/extra/m_mysql.cpp | 80 | ||||
-rw-r--r-- | src/modules/extra/m_pgsql.cpp | 89 | ||||
-rw-r--r-- | src/modules/extra/m_sqlite3.cpp | 82 |
4 files changed, 317 insertions, 30 deletions
diff --git a/src/modules/extra/m_mssql.cpp b/src/modules/extra/m_mssql.cpp index 321a11ed2..65f86e9ac 100644 --- a/src/modules/extra/m_mssql.cpp +++ b/src/modules/extra/m_mssql.cpp @@ -34,6 +34,19 @@ class ModuleMsSQL; typedef std::map<std::string, SQLConn*> ConnMap; typedef std::deque<MsSQLResult*> ResultQueue; +unsigned long count(const char * const str, char a) +{ + unsigned long n = 0; + const char *p = reinterpret_cast<const char *>(str); + + while ((p = strchr(p, a)) != NULL) + { + ++p; + ++n; + } + return n; +} + ResultNotifier* notifier = NULL; MsSQLListener* listener = NULL; int QueueFD = -1; @@ -346,30 +359,101 @@ class SQLConn : public classbase char* queryend; /* Total length of the unescaped parameters */ - unsigned long paramlen; + unsigned long maxparamlen, paramcount; /* Total length of query, used for binary-safety */ unsigned long querylength = 0; - paramlen = 0; + /* The length of the longest parameter */ + maxparamlen = 0; + for(ParamL::iterator i = req.query.p.begin(); i != req.query.p.end(); i++) { - paramlen += i->size(); + if (i->size() > maxparamlen) + maxparamlen = i->size(); } + /* How many params are there in the query? */ + paramcount = count(req.query.q.c_str(), '?'); + + /* This stores copy of params to be inserted with using numbered params 1;3B*/ + ParamL paramscopy(req.query.p); + /* To avoid a lot of allocations, allocate enough memory for the biggest the escaped query could possibly be. - * sizeofquery + (totalparamlength*2) + 1 + * sizeofquery + (maxtotalparamlength*2) + 1 * * The +1 is for null-terminating the string */ - query = new char[req.query.q.length() + (paramlen*2) + 1]; + + query = new char[req.query.q.length() + (maxparamlen*paramcount*2) + 1]; queryend = query; for(unsigned long i = 0; i < req.query.q.length(); i++) { if(req.query.q[i] == '?') { - if(req.query.p.size()) + /* We found a place to substitute..what fun. + * use mssql calls to escape and write the + * escaped string onto the end of our query buffer, + * then we "just" need to make sure queryend is + * pointing at the right place. + */ + + /* Is it numbered parameter? + */ + + bool numbered; + numbered = false; + + /* Numbered parameter number :| + */ + unsigned int paramnum; + paramnum = 0; + + /* Let's check if it's a numbered param. And also calculate it's number. + */ + + while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9')) + { + numbered = true; + ++i; + paramnum = paramnum * 10 + req.query.q[i] - '0'; + } + + if (paramnum > paramscopy.size() - 1) + { + /* index is out of range! + */ + numbered = false; + } + + if (numbered) + { + /* Custom escaping for this one. converting ' to '' should make SQL Server happy. Ugly but fast :] + */ + char* escaped = new char[(paramscopy[paramnum].length() * 2) + 1]; + char* escend = escaped; + for (std::string::iterator p = paramscopy[paramnum].begin(); p < paramscopy[paramnum].end(); p++) + { + if (*p == '\'') + { + *escend = *p; + escend++; + *escend = *p; + } + *escend = *p; + escend++; + } + *escend = 0; + + for (char* n = escaped; *n; n++) + { + *queryend = *n; + queryend++; + } + delete[] escaped; + } + else if (req.query.p.size()) { /* Custom escaping for this one. converting ' to '' should make SQL Server happy. Ugly but fast :] */ diff --git a/src/modules/extra/m_mysql.cpp b/src/modules/extra/m_mysql.cpp index 77e28eb99..339f13309 100644 --- a/src/modules/extra/m_mysql.cpp +++ b/src/modules/extra/m_mysql.cpp @@ -74,6 +74,20 @@ int QueueFD = -1; class DispatcherThread; +unsigned long count(const char * const str, char a) +{ + unsigned long n = 0; + const char *p = reinterpret_cast<const char *>(str); + + while ((p = strchr(p, a)) != NULL) + { + ++p; + ++n; + } + return n; +} + + /** MySQL module * */ class ModuleSQL : public Module @@ -346,25 +360,33 @@ class SQLConnection : public classbase char* queryend; /* Total length of the unescaped parameters */ - unsigned long paramlen; + unsigned long maxparamlen, paramcount; /* Total length of query, used for binary-safety in mysql_real_query */ unsigned long querylength = 0; - paramlen = 0; + /* The length of the longest parameter */ + maxparamlen = 0; for(ParamL::iterator i = req.query.p.begin(); i != req.query.p.end(); i++) { - paramlen += i->size(); + if (i->size() > maxparamlen) + maxparamlen = i->size(); } + /* How many params are there in the query? */ + paramcount = count(req.query.q.c_str(), '?'); + + /* This stores copy of params to be inserted with using numbered params 1;3B*/ + ParamL paramscopy(req.query.p); + /* To avoid a lot of allocations, allocate enough memory for the biggest the escaped query could possibly be. - * sizeofquery + (totalparamlength*2) + 1 + * sizeofquery + (maxtotalparamlength*2) + 1 * * The +1 is for null-terminating the string for mysql_real_escape_string */ - query = new char[req.query.q.length() + (paramlen*2) + 1]; + query = new char[req.query.q.length() + (maxparamlen*paramcount*2) + 1]; queryend = query; /* Okay, now we have a buffer large enough we need to start copying the query into it and escaping and substituting @@ -381,7 +403,42 @@ class SQLConnection : public classbase * then we "just" need to make sure queryend is * pointing at the right place. */ - if(req.query.p.size()) + + /* Is it numbered parameter? + */ + + bool numbered; + numbered = false; + + /* Numbered parameter number :| + */ + unsigned int paramnum; + paramnum = 0; + + /* Let's check if it's a numbered param. And also calculate it's number. + */ + + while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9')) + { + numbered = true; + ++i; + paramnum = paramnum * 10 + req.query.q[i] - '0'; + } + + if (paramnum > paramscopy.size() - 1) + { + /* index is out of range! + */ + numbered = false; + } + + if (numbered) + { + unsigned long len = mysql_real_escape_string(&connection, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length()); + + queryend += len; + } + else if (req.query.p.size()) { unsigned long len = mysql_real_escape_string(&connection, queryend, req.query.p.front().c_str(), req.query.p.front().length()); @@ -445,7 +502,8 @@ class SQLConnection : public classbase bool ConnectionLost() { - if (&connection) { + if (&connection) + { return (mysql_ping(&connection) != 0); } else return false; @@ -453,7 +511,8 @@ class SQLConnection : public classbase bool CheckConnection() { - if (ConnectionLost()) { + if (ConnectionLost()) + { return Connect(); } else return true; @@ -723,7 +782,8 @@ class MySQLListener : public ListenSocketBase virtual void OnAcceptReady(const std::string &ipconnectedto, int nfd, const std::string &incomingip) { - new Notifier(this->Parent, this->ServerInstance, nfd, (char *)ipconnectedto.c_str()); // XXX unsafe casts suck + // XXX unsafe casts suck + new Notifier(this->Parent, this->ServerInstance, nfd, (char *)ipconnectedto.c_str()); } /* Using getsockname and ntohs, we can determine which port number we were allocated */ @@ -933,5 +993,5 @@ void DispatcherThread::Run() } } -MODULE_INIT(ModuleSQL) +MODULE_INIT(ModuleSQL) diff --git a/src/modules/extra/m_pgsql.cpp b/src/modules/extra/m_pgsql.cpp index 2c586e1b3..0484646df 100644 --- a/src/modules/extra/m_pgsql.cpp +++ b/src/modules/extra/m_pgsql.cpp @@ -44,6 +44,19 @@ typedef std::map<std::string, SQLConn*> ConnMap; */ enum SQLstatus { CREAD, CWRITE, WREAD, WWRITE, RREAD, RWRITE }; +unsigned long count(const char * const str, char a) +{ + unsigned long n = 0; + const char *p = reinterpret_cast<const char *>(str); + + while ((p = strchr(p, a)) != NULL) + { + ++p; + ++n; + } + return n; +} + /** SQLhost::GetDSN() - Overload to return correct DSN for PostgreSQL */ std::string SQLhost::GetDSN() @@ -466,7 +479,8 @@ class SQLConn : public EventHandler case PGRES_FATAL_ERROR: reply.error.Id(SQL_QREPLY_FAIL); reply.error.Str(PQresultErrorMessage(result)); - default:; + default: + ; /* No action, other values are not errors */ } @@ -571,23 +585,35 @@ class SQLConn : public EventHandler char* query; /* Pointer to the current end of query, where we append new stuff */ char* queryend; + /* Total length of the unescaped parameters */ - unsigned int paramlen; + unsigned long maxparamlen, paramcount; + + /* Total length of query, used for binary-safety */ + unsigned long querylength = 0; - paramlen = 0; + /* The length of the longest parameter */ + maxparamlen = 0; for(ParamL::iterator i = req.query.p.begin(); i != req.query.p.end(); i++) { - paramlen += i->size(); + if (i->size() > maxparamlen) + maxparamlen = i->size(); } + /* How many params are there in the query? */ + paramcount = count(req.query.q.c_str(), '?'); + + /* This stores copy of params to be inserted with using numbered params 1;3B*/ + ParamL paramscopy(req.query.p); + /* To avoid a lot of allocations, allocate enough memory for the biggest the escaped query could possibly be. - * sizeofquery + (totalparamlength*2) + 1 + * sizeofquery + (maxtotalparamlength*2) + 1 * * The +1 is for null-terminating the string for PQsendQuery() */ - query = new char[req.query.q.length() + (paramlen*2) + 1]; + query = new char[req.query.q.length() + (maxparamlen*paramcount*2) + 1]; queryend = query; /* Okay, now we have a buffer large enough we need to start copying the query into it and escaping and substituting @@ -605,7 +631,53 @@ class SQLConn : public EventHandler * pointing at the right place. */ - if(req.query.p.size()) + /* Is it numbered parameter? + */ + + bool numbered; + numbered = false; + + /* Numbered parameter number :| + */ + unsigned int paramnum; + paramnum = 0; + + /* Let's check if it's a numbered param. And also calculate it's number. + */ + + while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9')) + { + numbered = true; + ++i; + paramnum = paramnum * 10 + req.query.q[i] - '0'; + } + + if (paramnum > paramscopy.size() - 1) + { + /* index is out of range! + */ + numbered = false; + } + + if (numbered) + { + int error = 0; + size_t len = 0; + +#ifdef PGSQL_HAS_ESCAPECONN + len = PQescapeStringConn(sql, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length(), &error); +#else + len = PQescapeString (queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length()); +#endif + if (error) + { + ServerInstance->Logs->Log("m_pgsql", DEBUG, "BUG: Apparently PQescapeStringConn() failed somehow...don't know how or what to do..."); + } + + /* Incremenet queryend to the end of the newly escaped parameter */ + queryend += len; + } + else if (req.query.p.size()) { int error = 0; size_t len = 0; @@ -685,7 +757,8 @@ class SQLConn : public EventHandler return confhost; } - void Close() { + void Close() + { if (!this->ServerInstance->SE->DelFd(this)) { if (sql && PQstatus(sql) == CONNECTION_BAD) diff --git a/src/modules/extra/m_sqlite3.cpp b/src/modules/extra/m_sqlite3.cpp index e300d29ae..d174ce8aa 100644 --- a/src/modules/extra/m_sqlite3.cpp +++ b/src/modules/extra/m_sqlite3.cpp @@ -31,6 +31,19 @@ typedef std::map<std::string, SQLConn*> ConnMap; typedef std::deque<classbase*> paramlist; typedef std::deque<SQLite3Result*> ResultQueue; +unsigned long count(const char * const str, char a) +{ + unsigned long n = 0; + const char *p = reinterpret_cast<const char *>(str); + + while ((p = strchr(p, a)) != NULL) + { + ++p; + ++n; + } + return n; +} + ResultNotifier* notifier = NULL; SQLiteListener* listener = NULL; int QueueFD = -1; @@ -293,30 +306,87 @@ class SQLConn : public classbase char* queryend; /* Total length of the unescaped parameters */ - unsigned long paramlen; + unsigned long maxparamlen, paramcount; /* Total length of query, used for binary-safety */ unsigned long querylength = 0; - paramlen = 0; + /* The length of the longest parameter */ + maxparamlen = 0; + for(ParamL::iterator i = req.query.p.begin(); i != req.query.p.end(); i++) { - paramlen += i->size(); + if (i->size() > maxparamlen) + maxparamlen = i->size(); } + /* How many params are there in the query? */ + paramcount = count(req.query.q.c_str(), '?'); + + /* This stores copy of params to be inserted with using numbered params 1;3B*/ + ParamL paramscopy(req.query.p); + /* To avoid a lot of allocations, allocate enough memory for the biggest the escaped query could possibly be. - * sizeofquery + (totalparamlength*2) + 1 + * sizeofquery + (maxtotalparamlength*2) + 1 * * The +1 is for null-terminating the string */ - query = new char[req.query.q.length() + (paramlen*2) + 1]; + + query = new char[req.query.q.length() + (maxparamlen*paramcount*2) + 1]; queryend = query; for(unsigned long i = 0; i < req.query.q.length(); i++) { if(req.query.q[i] == '?') { - if(req.query.p.size()) + /* We found a place to substitute..what fun. + * use sqlite calls to escape and write the + * escaped string onto the end of our query buffer, + * then we "just" need to make sure queryend is + * pointing at the right place. + */ + + /* Is it numbered parameter? + */ + + bool numbered; + numbered = false; + + /* Numbered parameter number :| + */ + unsigned int paramnum; + paramnum = 0; + + /* Let's check if it's a numbered param. And also calculate it's number. + */ + + while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9')) + { + numbered = true; + ++i; + paramnum = paramnum * 10 + req.query.q[i] - '0'; + } + + if (paramnum > paramscopy.size() - 1) + { + /* index is out of range! + */ + numbered = false; + } + + + if (numbered) + { + char* escaped; + escaped = sqlite3_mprintf("%q", paramscopy[paramnum].c_str()); + for (char* n = escaped; *n; n++) + { + *queryend = *n; + queryend++; + } + sqlite3_free(escaped); + } + else if (req.query.p.size()) { char* escaped; escaped = sqlite3_mprintf("%q", req.query.p.front().c_str()); |