Merge pull request #1429 from timopollmeier/fix-escaping-vt-prefs
Fix SQL escaping when adding VT references
bjoernricks authored Feb 26, 2021
2 parents 66e3d4e + c7a8e83 commit c63aeb0
Showing 2 changed files with 5 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

### Fixed
- Also create owner WITH clause for single resources [#1406](https://github.com/greenbone/gvmd/pull/1406)
- Fix SQL escaping when adding VT references [#1429](https://github.com/greenbone/gvmd/pull/1429)

### Removed

6 changes: 4 additions & 2 deletions src/manage_sql_nvts.c
Expand Up @@ -327,16 +327,18 @@ insert_nvt (const nvti_t *nvti)
for (i = 0; i < nvti_vtref_len (nvti); i++)
{
vtref_t *ref;
gchar *quoted_id, *quoted_text;
gchar *quoted_type, *quoted_id, *quoted_text;

ref = nvti_vtref (nvti, i);
quoted_type = sql_quote (vtref_type (ref));
quoted_id = sql_quote (vtref_id (ref));
quoted_text = sql_quote (vtref_text (ref) ? vtref_text (ref) : "");

sql ("INSERT into vt_refs (vt_oid, type, ref_id, ref_text)"
" VALUES ('%s', '%s', '%s', '%s');",
nvti_oid (nvti), vtref_type (ref), quoted_id, quoted_text);
nvti_oid (nvti), quoted_type, quoted_id, quoted_text);

g_free (quoted_type);
g_free (quoted_id);
g_free (quoted_text);
}
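Review bot: nvti_oid (nvti) is still interpolated into the first '%s' of the INSERT without going through sql_quote, while type, ref_id and ref_text are now all quoted. If the OID is validated before insert_nvt is reached, a short comment here saying so would make that assumption visible; otherwise quote it as well, and since it does not change between iterations the quoted copy can be made once before the loop and freed after it. A second, smaller point: vtref_text (ref) is guarded against NULL before quoting, but vtref_type (ref) and vtref_id (ref) are passed to sql_quote directly. Unless sql_quote accepts NULL or these accessors are guaranteed to return a string, the new quoted_type line should get the same `? ... : ""` guard as quoted_text.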