--- /dev/null
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 013-CVE-2008-2384_charset.dpatch by <joey@localhost>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix CVE-2008-2384: Encode strings securely via mysql_real_escape_string()
+
+@DPATCH@
+diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c
+--- mod-auth-mysql~/mod_auth_mysql.c 2009-01-07 21:47:20.000000000 +0100
++++ mod-auth-mysql/mod_auth_mysql.c 2009-01-08 21:12:47.000000000 +0100
+@@ -340,6 +340,8 @@ typedef struct {
+
+ module auth_mysql_module;
+
++static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec);
++
+ #ifdef APACHE2
+ static apr_status_t
+ #else
+@@ -506,9 +508,9 @@ static const char *set_scrambled_passwor
+ * server when passed in as part of a query.
+ */
+ #ifdef APACHE2
+-static char *mysql_escape(char *str, apr_pool_t *p)
++static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p)
+ #else
+-static char *mysql_escape(char *str, pool *p)
++static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p)
+ #endif
+ {
+ char *dest;
+@@ -522,7 +524,7 @@ static char *mysql_escape(char *str, poo
+ return str;
+ }
+
+- mysql_escape_string(dest, str, strlen(str));
++ mysql_real_escape_string(sec->dbh, dest, str, strlen(str));
+
+ return dest;
+ }
+@@ -1374,25 +1376,18 @@ static int open_auth_dblink(request_rec
+ }
+
+ if (sec->db_charset) {
++ const char *check;
++
+ APACHELOG(APLOG_DEBUG, r,
+ "Setting character set to %s", sec->db_charset);
+
+- query = (char *) PSTRCAT(r->pool, "SET CHARACTER SET ", sec->db_charset, NULL);
+- if (!query) {
+- APACHELOG(APLOG_ERR, r,
+- "Failed to create query string - we're no good...");
+- return -1;
+- }
++ mysql_set_character_set(sec->dbh, sec->db_charset);
+
+- if (mysql_query(sec->dbh, query)) {
+- if (sec->dbh)
+- {
+- APACHELOG(APLOG_ERR, r,
+- "Query call failed: %s (%i)", mysql_error(sec->dbh),
+- mysql_errno(sec->dbh));
+- }
++ check = mysql_character_set_name(sec->dbh);
+
+- APACHELOG(APLOG_DEBUG, r, "Failed query was: [%s]", query);
++ if (!check || strcmp(sec->db_charset, check)) {
++ APACHELOG(APLOG_ERR, r,
++ "Failed to set character set to %s", sec->db_charset);
+ return -1;
+ }
+ }
+@@ -1537,11 +1532,27 @@ static int mysql_check_user_password(req
+ char *auth_table = "mysql_auth", *auth_user_field = "username",
+ *auth_password_field = "passwd", *auth_password_clause = "";
+ char *query;
+- char *esc_user = mysql_escape(user, r->pool);
++ char *esc_user = NULL;
+ MYSQL_RES *result;
+ MYSQL_ROW sql_row;
++ int error = CR_UNKNOWN_ERROR;
+ int rv;
+
++ if (!sec->dbh) {
++ APACHELOG(APLOG_DEBUG, r,
++ "No DB connection open - firing one up");
++ if ((error = open_auth_dblink(r, sec))) {
++ APACHELOG(APLOG_DEBUG, r,
++ "open_auth_dblink returned %i", error);
++ return error;
++ }
++
++ APACHELOG(APLOG_DEBUG, r,
++ "Correctly opened a new DB connection");
++ }
++
++ esc_user = mysql_escape(sec, r, user, r->pool);
++
+ if (sec->user_table) {
+ auth_table = sec->user_table;
+ }
+@@ -1627,8 +1638,8 @@ static int mysql_check_group(request_rec
+ {
+ char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause="";
+ char *query;
+- char *esc_user = mysql_escape(user, r->pool);
+- char *esc_group = mysql_escape(group, r->pool);
++ char *esc_user = mysql_escape(sec, r, user, r->pool);
++ char *esc_group = mysql_escape(sec, r, group, r->pool);
+ MYSQL_RES *result;
+ MYSQL_ROW row;
+ char *auth_user_field = "username";