X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/1e1ddfac79fbcd052f199500a6493c7f79cb8462..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/lookups/mysql.c

diff --git a/src/src/lookups/mysql.c b/src/src/lookups/mysql.c
index 96f7c1fa1..a8dae4ade 100644
--- a/src/src/lookups/mysql.c
+++ b/src/src/lookups/mysql.c
@@ -2,9 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 
 /* Thanks to Paul Kelly for contributing the original code for these
 functions. */
@@ -231,7 +232,7 @@ if (!cn)
 
   /* Get store for a new handle, initialize it, and connect to the server */
 
-  mysql_handle = store_get(sizeof(MYSQL), FALSE);
+  mysql_handle = store_get(sizeof(MYSQL), GET_UNTAINTED);
   mysql_init(mysql_handle);
   mysql_options(mysql_handle, MYSQL_READ_DEFAULT_GROUP, CS group);
   if (mysql_real_connect(mysql_handle,
@@ -247,7 +248,7 @@ if (!cn)
 
   /* Add the connection to the cache */
 
-  cn = store_get(sizeof(mysql_connection), FALSE);
+  cn = store_get(sizeof(mysql_connection), GET_UNTAINTED);
   cn->server = server_copy;
   cn->handle = mysql_handle;
   cn->next = mysql_connections;
@@ -286,7 +287,7 @@ if (!(mysql_result = mysql_use_result(mysql_handle)))
     {
     DEBUG(D_lookup) debug_printf_indent("MYSQL: query was not one that returns data\n");
     result = string_cat(result,
-	       string_sprintf("%d", mysql_affected_rows(mysql_handle)));
+	       string_sprintf("%lld", mysql_affected_rows(mysql_handle)));
     *do_cache = 0;
     goto MYSQL_EXIT;
     }
@@ -308,7 +309,7 @@ fields = mysql_fetch_fields(mysql_result);
 
 while ((mysql_row_data = mysql_fetch_row(mysql_result)))
   {
-  unsigned long *lengths = mysql_fetch_lengths(mysql_result);
+  unsigned long * lengths = mysql_fetch_lengths(mysql_result);
 
   if (result)
     result = string_catn(result, US"\n", 1);
@@ -319,7 +320,9 @@ while ((mysql_row_data = mysql_fetch_row(mysql_result)))
 			result);
 
   else if (mysql_row_data[0] != NULL)    /* NULL value yields nothing */
-      result = string_catn(result, US mysql_row_data[0], lengths[0]);
+      result = lengths[0] == 0 && !result
+	? string_get(1)		/* for 0-len string result ensure non-null gstring */
+        : string_catn(result, US mysql_row_data[0], lengths[0]);
   }
 
 /* more results? -1 = no, >0 = error, 0 = yes (keep looping)
@@ -411,43 +414,39 @@ can't quote "on spec".
 Arguments:
   s          the string to be quoted
   opt        additional option text or NULL if none
+  idx	     lookup type index
 
 Returns:     the processed string or NULL for a bad option
 */
 
 static uschar *
-mysql_quote(uschar *s, uschar *opt)
+mysql_quote(uschar * s, uschar * opt, unsigned idx)
 {
-register int c;
-int count = 0;
-uschar *t = s;
-uschar *quoted;
+int c, count = 0;
+uschar * t = s, * quoted;
 
-if (opt != NULL) return NULL;     /* No options recognized */
+if (opt) return NULL;     /* No options recognized */
 
-while ((c = *t++) != 0)
+while ((c = *t++))
   if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL) count++;
 
-if (count == 0) return s;
-t = quoted = store_get(Ustrlen(s) + count + 1, is_tainted(s));
+/* Old code:  if (count == 0) return s;
+Now always allocate and copy, to track the quoted status. */
 
-while ((c = *s++) != 0)
+t = quoted = store_get_quoted(Ustrlen(s) + count + 1, s, idx);
+
+while ((c = *s++))
   {
   if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL)
     {
     *t++ = '\\';
     switch(c)
       {
-      case '\n': *t++ = 'n';
-      break;
-      case '\t': *t++ = 't';
-      break;
-      case '\r': *t++ = 'r';
-      break;
-      case '\b': *t++ = 'b';
-      break;
-      default:   *t++ = c;
-      break;
+      case '\n': *t++ = 'n'; break;
+      case '\t': *t++ = 't'; break;
+      case '\r': *t++ = 'r'; break;
+      case '\b': *t++ = 'b'; break;
+      default:   *t++ = c;   break;
       }
     }
   else *t++ = c;
@@ -466,16 +465,19 @@ return quoted;
 
 #include "../version.h"
 
-void
-mysql_version_report(FILE *f)
+gstring *
+mysql_version_report(gstring * g)
 {
-fprintf(f, "Library version: MySQL: Compile: %lu %s [%s]\n"
-           "                        Runtime: %lu %s\n",
+g = string_fmt_append(g,
+  "Library version: MySQL: Compile: %lu %s [%s]\n"
+  "                        Runtime: %lu %s\n",
         (long)EXIM_MxSQL_VERSION_ID, EXIM_MxSQL_VERSION_STR, EXIM_MxSQL_BASE_STR,
         mysql_get_client_version(), mysql_get_client_info());
 #ifdef DYNLOOKUP
-fprintf(f, "                        Exim version %s\n", EXIM_VERSION_STR);
+g = string_fmt_append(g,
+  "                        Exim version %s\n", EXIM_VERSION_STR);
 #endif
+return g;
 }
 
 /* These are the lookup_info blocks for this driver */