Date: Mon, 1 Jan 2007 18:26:23 -0900 From: "Beech Rintoul" <beech@alaskaparadise.com> To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org> Cc: beech@alaskaparadise.com Subject: ports/107416: [Maintainer Update] ftp/proftpd: Added combined patch-contrib-mod_sql.c Message-ID: <1167708383.37866@stargate.alaskaparadise.com> Resent-Message-ID: <200701020330.l023UHQ8043835@freefall.freebsd.org>
>Number: 107416 >Category: ports >Synopsis: [Maintainer Update] ftp/proftpd: Added combined patch-contrib-mod_sql.c >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Jan 02 03:30:14 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Beech Rintoul >Release: FreeBSD 7.0-CURRENT i386 >Organization: Alaska Paradise >Environment: System: FreeBSD 7.0-CURRENT #96: Sat Dec 30 02:46:49 AKST 2006 root@stargate.alaskaparadise.com:/usr/obj/usr/src/sys/STARGATE >Description: *Bumped PORTREVISION *Added combined patch-contrib-mod_sql.c Addresses distributor bugs #2828 & #2869 - mod_sql botches WHERE clauses and Support variables in SQL WHERE directives. *Added include/proftpd/mod_sql.h to pkg-plist >How-To-Repeat: >Fix: diff -ruN --exclude=CVS /usr/ports/ftp/proftpd.orig/Makefile /usr/ports/ftp/proftpd/Makefile --- /usr/ports/ftp/proftpd.orig/Makefile Mon Jan 1 03:44:05 2007 +++ /usr/ports/ftp/proftpd/Makefile Mon Jan 1 17:49:46 2007 @@ -7,7 +7,7 @@ PORTNAME= proftpd DISTVERSION= 1.3.1rc1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= ftp MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \ ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \ @@ -58,7 +58,7 @@ RADIUS "Include mod_radius" off \ QUOTATAB_RADIUS "include mod_quotatab_radius" off \ BAN "include mod_ban (Requires CTRLS)" off \ - NLS "Use nls-builds mod_lang" off + NLS "Use nls (builds mod_lang)" off MODULES?= LIBDIRS?= diff -ruN --exclude=CVS /usr/ports/ftp/proftpd.orig/files/patch-contrib-mod_sql.c /usr/ports/ftp/proftpd/files/patch-contrib-mod_sql.c --- /usr/ports/ftp/proftpd.orig/files/patch-contrib-mod_sql.c Wed Dec 31 14:00:00 1969 +++ /usr/ports/ftp/proftpd/files/patch-contrib-mod_sql.c Mon Jan 1 17:25:54 2007 
@@ -0,0 +1,249 @@ +--- contrib/mod_sql.c.orig Mon Dec 11 13:40:18 2006 ++++ contrib/mod_sql.c Mon Jan 1 17:16:57 2007 +@@ -104,8 +104,11 @@ + + module sql_module; + +-static char *_sql_where(cmd_rec *, int, ...); + #define SQL_MAX_STMT_LEN 4096 ++ ++static char *sql_prepare_where(int, cmd_rec *, int, ...); ++#define SQL_PREPARE_WHERE_FL_NO_TAGS 0x00001 ++ + static char *resolve_long_tag(cmd_rec *, char *); + static int resolve_numeric_tag(cmd_rec *, char *); + static char *resolve_short_tag(cmd_rec *, char); +@@ -752,10 +755,10 @@ + return mr ? (char *) mr->data : NULL; + } + +-static char *_sql_where(cmd_rec *cmd, int cnt, ...) { ++static char *sql_prepare_where(int flags, cmd_rec *cmd, int cnt, ...) { + int i, flag; + int curr_avail; +- char *buf = "", *res, *tchar, *curr, *tmp; ++ char *buf = "", *res, *tchar; + va_list dummy; + + res = pcalloc(cmd->tmp_pool, SQL_MAX_STMT_LEN); +@@ -774,31 +777,53 @@ + } + va_end(dummy); + +- /* Process variables in WHERE clauses, except any "%{num}" references. */ +- curr = res; +- curr_avail = SQL_MAX_STMT_LEN; +- for (tmp = buf; *tmp; ) { +- char *str; +- modret_t *mr; ++ if (!(flags & SQL_PREPARE_WHERE_FL_NO_TAGS)) { ++ char *curr, *tmp; + +- if (*tmp == '%') { +- char *tag = NULL; ++ /* Process variables in WHERE clauses, except any "%{num}" references. 
*/ ++ curr = res; ++ curr_avail = SQL_MAX_STMT_LEN; ++ ++ for (tmp = buf; *tmp; ) { ++ char *str; ++ modret_t *mr; + +- if (*(++tmp) == '{') { +- char *query; ++ if (*tmp == '%') { ++ char *tag = NULL; + +- if (*tmp != '\0') +- query = ++tmp; ++ if (*(++tmp) == '{') { ++ char *query; + +- while (*tmp && *tmp != '}') +- tmp++; ++ if (*tmp != '\0') ++ query = ++tmp; ++ ++ while (*tmp && *tmp != '}') ++ tmp++; ++ ++ tag = pstrndup(cmd->tmp_pool, query, (tmp - query)); ++ if (tag) { ++ str = resolve_long_tag(cmd, tag); ++ if (!str) ++ str = pstrdup(cmd->tmp_pool, ""); ++ ++ mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 2, "default", ++ str), "sql_escapestring"); ++ if (check_response(mr) < 0) ++ return NULL; ++ ++ sstrcat(curr, mr->data, curr_avail); ++ curr += strlen(mr->data); ++ curr_avail -= strlen(mr->data); + +- tag = pstrndup(cmd->tmp_pool, query, (tmp - query)); +- if (tag) { +- str = resolve_long_tag(cmd, tag); +- if (!str) +- str = pstrdup(cmd->tmp_pool, ""); ++ if (*tmp != '\0') ++ tmp++; ++ ++ } else { ++ return NULL; ++ } + ++ } else { ++ str = resolve_short_tag(cmd, *tmp); + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 2, "default", + str), "sql_escapestring"); + if (check_response(mr) < 0) +@@ -810,32 +835,18 @@ + + if (*tmp != '\0') + tmp++; +- +- } else { +- return NULL; + } + + } else { +- str = resolve_short_tag(cmd, *tmp); +- mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 2, "default", +- str), "sql_escapestring"); +- if (check_response(mr) < 0) +- return NULL; +- +- sstrcat(curr, mr->data, curr_avail); +- curr += strlen(mr->data); +- curr_avail -= strlen(mr->data); +- +- if (*tmp != '\0') +- tmp++; ++ *curr++ = *tmp++; ++ curr_avail--; + } +- +- } else { +- *curr++ = *tmp++; +- curr_avail--; + } ++ *curr++ = '\0'; ++ ++ } else { ++ res = buf; + } +- *curr++ = '\0'; + + return res; + } +@@ -1212,7 +1223,7 @@ + } + + if (!cmap.usercustom) { +- where = _sql_where(cmd, 2, usrwhere, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 2, 
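Review bot: Nothing in the expansion loop stops writing once `res` is full. The long-tag branch added in the `-774` hunk calls `sstrcat(curr, mr->data, curr_avail)` but then moves `curr` and shrinks `curr_avail` by the full `strlen(mr->data)`, and the literal branch re-added in the `-810` hunk (`*curr++ = *tmp++; curr_avail--;`) and the final `*curr++ = '\0'` never consult `curr_avail`. `res` is a fixed `SQL_MAX_STMT_LEN` pool allocation, while `buf` and the resolved tag values have no visible length limit, so a long clause or tag value can carry `curr` past the end of the buffer. I would fail closed instead: `if (strlen(mr->data) >= (size_t) curr_avail) return NULL;` before each `sstrcat`, and `if (curr_avail <= 1) return NULL;` before the literal copy. The short-tag branch lies between the two hunks and presumably needs the same guard; the function body starts above the `-774` hunk.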
usrwhere, cmap.userwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 5, "default", + cmap.usrtable, cmap.usrfields, where, "1"), "sql_select"); +@@ -1438,7 +1449,7 @@ + return NULL; + } + +- where = _sql_where(cmd, 2, grpwhere, cmap.groupwhere); ++ where = sql_prepare_where(0, cmd, 2, grpwhere, cmap.groupwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 5, "default", + cmap.grptable, cmap.grpfield, where, "1"), "sql_select"); +@@ -1456,7 +1467,7 @@ + + grpwhere = pstrcat(cmd->tmp_pool, cmap.grpfield, " = '", groupname, "'", + NULL); +- where = _sql_where(cmd, 2, grpwhere, cmap.groupwhere); ++ where = sql_prepare_where(0, cmd, 2, grpwhere, cmap.groupwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", + cmap.grptable, cmap.grpfields, where), "sql_select"); +@@ -1530,7 +1541,7 @@ + + usrwhere = pstrcat(cmd->tmp_pool, cmap.usrfield, " = '", _sql_realuser(cmd), + "'", NULL); +- where = _sql_where(cmd, 2, usrwhere, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", cmap.usrtable, + query, where), "sql_update"); +@@ -1606,7 +1617,8 @@ + cmap.grpmembersfield, " = '", username, "'", NULL); + } + +- where = _sql_where(cmd, 2, grpwhere, cmap.groupwhere); ++ where = sql_prepare_where(SQL_PREPARE_WHERE_FL_NO_TAGS, cmd, 2, grpwhere, ++ sql_prepare_where(0, cmd, 1, cmap.groupwhere)); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", + cmap.grptable, cmap.grpfields, where), "sql_select"); +@@ -1746,7 +1758,7 @@ + static char *resolve_short_tag(cmd_rec *cmd, char tag) { + char arg[256] = {'\0'}, *argp; + +- switch(tag) { ++ switch (tag) { + case 'A': { + char *pass; + +@@ -2915,7 +2927,7 @@ + /* single select or not? 
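Review bot: Passing `0` in the `-1456` hunk runs tag expansion over `grpwhere`, which was just built by placing `groupname` inside a quoted literal, so any `%` sequence in that value is treated as a tag reference rather than as data. The same applies where `usrwhere` is built from `_sql_realuser(cmd)` in the `-1530`, `-3593` and `-3627` hunks, and probably in the `-1212` and `-1438` hunks, whose clause construction is outside the visible lines. The `-1606` hunk already shows the safer shape, which expands only the configured clause and joins it with `SQL_PREPARE_WHERE_FL_NO_TAGS`: `where = sql_prepare_where(SQL_PREPARE_WHERE_FL_NO_TAGS, cmd, 2, grpwhere, sql_prepare_where(0, cmd, 1, cmap.groupwhere));`, with the inner result checked before use. Where `groupname` and the `_sql_realuser()` value originate is not visible here, so confirm whether they can carry client-supplied text.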
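Review bot: The nested call in the `-1606` hunk passes the inner `sql_prepare_where(0, cmd, 1, cmap.groupwhere)` result straight in as a clause argument, but the new body returns NULL when `check_response(mr) < 0` or when `pstrndup` fails. The argument loop that consumes the clauses is outside the visible hunks; if it skips NULL or empty arguments, a failed expansion would silently drop the configured group restriction and the select would run with only `grpwhere`. I would hoist the inner call into a local, `char *gwhere = sql_prepare_where(0, cmd, 1, cmap.groupwhere);`, and take an explicit failure path on `if (gwhere == NULL)` before building the outer clause. The enclosing function starts and ends outside the hunk, so the right error return has to be taken from there.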
*/ + if (SQL_FASTUSERS) { + /* retrieve our list of passwds */ +- where = _sql_where(cmd, 1, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 1, cmap.userwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", + cmap.usrtable, cmap.usrfields, where), "sql_select"); +@@ -2978,7 +2990,7 @@ + } + } else { + /* retrieve our list of passwds */ +- where = _sql_where(cmd, 1, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 1, cmap.userwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", + cmap.usrtable, cmap.usrfield, where), "sql_select"); +@@ -3086,7 +3098,7 @@ + + if (SQL_FASTGROUPS) { + /* retrieve our list of groups */ +- where = _sql_where(cmd, 1, cmap.groupwhere); ++ where = sql_prepare_where(0, cmd, 1, cmap.groupwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 6, "default", + cmap.grptable, cmap.grpfields, where, NULL), "sql_select"); +@@ -3120,7 +3132,7 @@ + + } else { + /* retrieve our list of groups */ +- where = _sql_where(cmd, 1, cmap.groupwhere); ++ where = sql_prepare_where(0, cmd, 1, cmap.groupwhere); + + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 6, "default", + cmap.grptable, cmap.grpfield, where, NULL, "DISTINCT"), "sql_select"); +@@ -3593,7 +3605,7 @@ + + usrwhere = pstrcat(cmd->tmp_pool, cmap.usrfield, " = '", _sql_realuser(cmd), + "'", NULL); +- where = _sql_where(cmd, 2, usrwhere, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere); + + query = pstrcat(cmd->tmp_pool, cmap.sql_fstor, ", ", + cmap.sql_fretr, ", ", cmap.sql_bstor, ", ", +@@ -3627,7 +3639,7 @@ + + usrwhere = pstrcat(cmd->tmp_pool, cmap.usrfield, " = '", _sql_realuser(cmd), + "'", NULL); +- where = _sql_where(cmd, 2, usrwhere, cmap.userwhere); ++ where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere); + + query = pstrcat(cmd->tmp_pool, cmap.sql_frate, ", ", + cmap.sql_fcred, ", ", cmap.sql_brate, ", ", diff -ruN --exclude=CVS /usr/ports/ftp/proftpd.orig/pkg-plist 
/usr/ports/ftp/proftpd/pkg-plist --- /usr/ports/ftp/proftpd.orig/pkg-plist Mon Jan 1 03:44:05 2007 +++ /usr/ports/ftp/proftpd/pkg-plist Mon Jan 1 18:05:33 2007 @@ -29,6 +29,7 @@ include/proftpd/log.h include/proftpd/mkhome.h include/proftpd/mod_ctrls.h +include/proftpd/mod_sql.h include/proftpd/mod_wrap2.h include/proftpd/modules.h include/proftpd/netacl.h >Release-Note: >Audit-Trail: >Unformatted: