1 #! /bin/sh /usr/share/dpatch/dpatch-run
2 ## 013-CVE-2008-2384_charset.dpatch by <joey@localhost>
4 ## All lines beginning with `## DP:' are a description of the patch.
5 ## DP: Fix CVE-2008-2384: Encode strings securely via mysql_real_escape_string()
8 diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c
9 --- mod-auth-mysql~/mod_auth_mysql.c 2009-01-07 21:47:20.000000000 +0100
10 +++ mod-auth-mysql/mod_auth_mysql.c 2009-01-08 21:12:47.000000000 +0100
11 @@ -340,6 +340,8 @@ typedef struct {
13 module auth_mysql_module;
15 +static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec);
20 @@ -506,9 +508,9 @@ static const char *set_scrambled_passwor
21 * server when passed in as part of a query.
24 -static char *mysql_escape(char *str, apr_pool_t *p)
25 +static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p)
27 -static char *mysql_escape(char *str, pool *p)
28 +static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p)
32 @@ -522,7 +524,7 @@ static char *mysql_escape(char *str, poo
36 - mysql_escape_string(dest, str, strlen(str));
37 + mysql_real_escape_string(sec->dbh, dest, str, strlen(str));
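Review bot: `mysql_real_escape_string()` now depends on `sec->dbh` being an open connection, and nothing visible in this hunk checks that before the call. The `mysql_check_user_password` hunk opens the link before escaping, but the `mysql_check_group` hunk calls `mysql_escape(sec, r, ...)` directly in its declarations, so a group check that runs without a live handle would hand a NULL connection to the client library. The new `r` parameter does not appear to be used in the visible lines; using it for a guard inside the helper, e.g. `if (!sec->dbh && open_auth_dblink(r, sec)) return NULL;`, would cover every caller in one place, provided callers treat a NULL result as a failed lookup. The body of `mysql_escape` starts and ends outside the hunk, so an existing guard there cannot be ruled out.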
41 @@ -1374,25 +1376,18 @@ static int open_auth_dblink(request_rec
44 if (sec->db_charset) {
47 APACHELOG(APLOG_DEBUG, r,
48 "Setting character set to %s", sec->db_charset);
50 - query = (char *) PSTRCAT(r->pool, "SET CHARACTER SET ", sec->db_charset, NULL);
52 - APACHELOG(APLOG_ERR, r,
53 - "Failed to create query string - we're no good...");
56 + mysql_set_character_set(sec->dbh, sec->db_charset);
58 - if (mysql_query(sec->dbh, query)) {
61 - APACHELOG(APLOG_ERR, r,
62 - "Query call failed: %s (%i)", mysql_error(sec->dbh),
63 - mysql_errno(sec->dbh));
65 + check = mysql_character_set_name(sec->dbh);
67 - APACHELOG(APLOG_DEBUG, r, "Failed query was: [%s]", query);
68 + if (!check || strcmp(sec->db_charset, check)) {
69 + APACHELOG(APLOG_ERR, r,
70 + "Failed to set character set to %s", sec->db_charset);
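Review bot: The return value of `mysql_set_character_set()` is discarded at the added call, and the new error message no longer carries the reason that the removed `mysql_error()`/`mysql_errno()` log line reported. Because `mysql_real_escape_string()` escapes according to the connection character set, this step should fail closed and say why: `if (mysql_set_character_set(sec->dbh, sec->db_charset)) {` followed by `APACHELOG(APLOG_ERR, r, "Failed to set character set to %s: %s", sec->db_charset, mysql_error(sec->dbh));`. The `strcmp()` read-back is a reasonable second check, but it is case-sensitive, so a configured name that differs only in case from what `mysql_character_set_name()` reports would presumably be rejected; a comment or a case-insensitive compare would make that intent explicit. What follows the error log is not visible here, so confirm that it returns an error rather than continuing on the previous character set.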
74 @@ -1537,11 +1532,27 @@ static int mysql_check_user_password(req
75 char *auth_table = "mysql_auth", *auth_user_field = "username",
76 *auth_password_field = "passwd", *auth_password_clause = "";
78 - char *esc_user = mysql_escape(user, r->pool);
79 + char *esc_user = NULL;
82 + int error = CR_UNKNOWN_ERROR;
86 + APACHELOG(APLOG_DEBUG, r,
87 + "No DB connection open - firing one up");
88 + if ((error = open_auth_dblink(r, sec))) {
89 + APACHELOG(APLOG_DEBUG, r,
90 + "open_auth_dblink returned %i", error);
94 + APACHELOG(APLOG_DEBUG, r,
95 + "Correctly opened a new DB connection");
98 + esc_user = mysql_escape(sec, r, user, r->pool);
100 if (sec->user_table) {
101 auth_table = sec->user_table;
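Review bot: A failed `open_auth_dblink()` is reported only at `APLOG_DEBUG` (the "open_auth_dblink returned %i" message), so an authentication backend outage may not appear in logs at the default level unless `open_auth_dblink` logs it itself, which is not visible in this hunk. Consider `APLOG_ERR` for that message so the failure is observable in production. Separately, `int error = CR_UNKNOWN_ERROR;` is overwritten by the assignment inside the `if` before any visible read, so the initializer deserves a short comment saying what it guards against, or can be dropped. The function body continues outside the hunk.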
103 @@ -1627,8 +1638,8 @@ static int mysql_check_group(request_rec
105 char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause="";
107 - char *esc_user = mysql_escape(user, r->pool);
108 - char *esc_group = mysql_escape(group, r->pool);
109 + char *esc_user = mysql_escape(sec, r, user, r->pool);
110 + char *esc_group = mysql_escape(sec, r, group, r->pool);
113 char *auth_user_field = "username";