Closed Bug 423402 Opened 16 years ago Closed 16 years ago

Invalid SQL statement for nsOfflineCacheDevice::EvictEntries with used clientID

Categories

(Core :: Networking: Cache, defect)

Product:
Core
Component:
Networking: Cache
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: ondrej, Unassigned)

References

Details

During audit of all SQL statements (bug 405920) it has been found that module nsDiskCacheDeviceSQL.cpp contains on line 1257 code, that would lead to invalid SQL statement.

The problem is invalid conversion specification %q in the following formatting string:

      PR_smprintf("DELETE FROM moz_cache WHERE ClientID=%q AND Flags=0;",
                  clientID);

PR_smprintf calls dosprintf, where it can be seen that invalid conversion specification is ignored and is copied to the output string. The source of this bug could be related to the sqlite extension from sqlite3_mprintf function where %q converts string be escaping single quotes. However, even in this case the code would be wrong, because %q needs to be enclosed in single quotes.

The code should be fixed by binding the string parameter. Unit test should be enhanced to cover this scenario.

There is no security risk, just the code does not work.
This is no more valid bug. The code has changed to bind the parameter because ClientID is built from manifest URL (from a public source).
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.