[mpitt at debian.org: [Pkg-nagios-devel] Bug#369362: nagios: Insecure quote escaping in PostgreSQL backend]
Ethan Galstad
nagios at nagios.org
Mon Jun 19 22:36:59 CEST 2006
Andreas Ericsson wrote:
> sean finney wrote:
>> hi ethan,
>>
>> fyi, looks like there could potentially be some more problems with the
>> RDBMS methods in 1.x. i think the fix is probably not too hard; instead
>> of escaping queries manually using the provided functions by libpq (and
>> i'm sure a similar function for mysql must exist?).
>>
>
> mysql_real_escape(char *src, char **dst, size_t src_len, size_t dst_len)
>
> or some such. **dst must be at least twice as long as src to make sure
> the buffer can be properly escaped.
>
Anyone interested in making a patch for this? I'm inclined to close
development on the 1.x branch, as working on three branches is a bit too
much.
Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org
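
The buffer-sizing rule from the quoted reply, as an added example that is not code from this thread or from Nagios. The escaper is a constructed stand-in so the block runs without a database client library; the library routines it stands in for are PQescapeString in libpq and mysql_real_escape_string in the MySQL C API, both of which require a destination of at least 2 * length + 1 bytes. MAX_VALUE and the table and column names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_VALUE 256  /* assumed cap on one field's length */

/* Stand-in escaper (constructed for this example): doubles ' and \.
 * Returns bytes written without the NUL, or (size_t)-1 when dst_len is
 * below the worst case of 2 * src_len + 1. */
size_t escape_literal(char *dst, size_t dst_len, const char *src, size_t src_len)
{
    size_t i, o = 0;

    /* Reject before writing: every byte may double, plus the terminator. */
    if (src_len > (SIZE_MAX - 1) / 2 || dst_len < 2 * src_len + 1)
        return (size_t)-1;
    for (i = 0; i < src_len; i++) {
        if (src[i] == '\'' || src[i] == '\\')
            dst[o++] = src[i];      /* emit the escaping copy first */
        dst[o++] = src[i];
    }
    dst[o] = '\0';
    return o;
}

/* Build a statement around one escaped value; -1 on oversize or truncation.
 * Table and column names are hypothetical. */
int build_query(char *out, size_t out_len, const char *value)
{
    char esc[2 * MAX_VALUE + 1];
    size_t n = strlen(value);
    int w;

    if (n > MAX_VALUE || escape_literal(esc, sizeof esc, value, n) == (size_t)-1)
        return -1;
    w = snprintf(out, out_len, "UPDATE example_table SET output='%s'", esc);
    return (w < 0 || (size_t)w >= out_len) ? -1 : w;
}

int main(void)
{
    char q[128];
    /* Constructed sample plugin output containing quotes. */
    if (build_query(q, sizeof q, "DISK WARNING - '/' at 91%") > 0)
        puts(q);
    return 0;
}
```

The stand-in ignores client encoding and the server's quoting mode; PQescapeStringConn and mysql_real_escape_string take the connection handle so they can account for both.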