Anope Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001078Anope Stable (1.8.x series)MySQLpublic2009-05-10 11:542010-09-12 09:55
ReporterNightstalker 
Assigned Toqa@anope.org 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOtherOSLinuxOS Version
Product Version1.8.0 
Target VersionFixed in Version 
Summary0001078: SQL syntax error occurs when using encode and when the password and salt are both 17 chars long
DescriptionSQL syntax error occurs when using encode where the argument string is 17+ chars, and pass_string is 17 chars.

Here is the log entry:

---
[May 10 01:39:17 2009] Can't create sql query: UPDATE anope_ns_core SET pass = ENCODE('qwertyuiopasdfghjk','encrypted4ever888, email = 'hal@bitch.com', greet = '', icq = 0, url = '', flags = 243, language = 0, accesscount = 1, memocount = 0, memomax = 20, channelcount = 0, channelmax = 2, active = 1 WHERE display = 'yoda' : Success

[May 10 01:39:17 2009] MySQL query warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'hal@bitch.com', greet = '', icq = 0, url = '', flags = 243, language = 0, access' at line 1 : Success

[May 10 01:39:17 2009] Unable to save NickCore for 'yoda' - NickServ RDB save failed.
---

We believe the issue is relative to this particular text ENCODE('qwertyuiopasdfghjk','encrypted4ever888

First off, I'm a novice when it comes to C but I'm assuming the issue is due to a character buffer in src/mysql.c being too short.

For example, this function db_mysql_save_ns_core() .. the variable epass has a buffer of size PASSMAX + 15. I simply increased all buffer's with + 15 to + 256 bytes and recompiled. Things seem to be functioning properly, however, I am not entirely sure this is the correct way to go about it.

If you want more information, I can come and talk to you on irc.

Contact me at james@nixsecurity.org

Thank you.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0005561)
chaz (administrator)
2010-09-12 09:55

Issues marked as resolved for a period of time without argument will be closed.

- Issue History
Date Modified Username Field Change
2009-05-10 18:05 CyberBotX Status UNCONFIRMED => RESOLVED
2009-05-10 18:05 CyberBotX CC => CyberBotX
2009-05-10 18:05 CyberBotX Resolution => FIXED
2010-01-10 20:55 CyberBotX Source_changeset_attached stable r2299 =>
2010-01-10 21:00 CyberBotX Source_changeset_attached stable r2299 =>
2010-01-13 20:45 CyberBotX Source_changeset_attached stable r2299 =>
2010-09-12 09:55 chaz Note Added: 0005561
2010-09-12 09:55 chaz Status resolved => closed


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker