- scheduler: fix SQL injection vulnerability

svn path=/branches/server_stable/; revision=19996
David Anderson 2009-12-21 00:58:58 +00:00
parent 53aa10570a
commit 9dceaa9c75
2 changed files with 9 additions and 1 deletions


@ -8896,3 +8896,8 @@ David 6 Nov 2009
db/
boinc_db.cpp
David 20 Dec 2009
- scheduler: fix SQL injection vulnerability
sched/
handle_request.cpp


@ -599,7 +599,10 @@ int send_result_abort() {
orp.reason = ABORT_REASON_NOT_FOUND;
if (i > 0) result_names.append(", ");
result_names.append("'");
result_names.append(orp.name);
char buf[1024];
strcpy(buf, orp.name);
escape_string(buf, 1024);
result_names.append(buf);
result_names.append("'");
}
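Review bot: The added `strcpy(buf, orp.name)` copies into a fixed 1024-byte stack buffer with no length bound, so its safety depends entirely on the declared size of `orp.name`, which this hunk does not show and which presumably holds a name taken from the client's request. A bounded copy, with the buffer size written once, would make the fix self-contained: `strncpy(buf, orp.name, sizeof(buf) - 1);`, `buf[sizeof(buf) - 1] = 0;`, `escape_string(buf, sizeof(buf));`. Escaping can lengthen the string, so a short comment such as `// buf must leave room for escape_string() to expand the name` would record why the buffer is larger than the name. The body of send_result_abort starts and ends outside the hunk, so the query built from `result_names` is not visible; it is worth confirming that no other path appends an unescaped name to it.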