increase sql var size to MED to hold the largest possible sql string.

This commit is contained in:
Isaac Connor 2019-01-16 11:48:31 -05:00
parent 3560d6247f
commit 2b21fe3640
1 changed files with 22 additions and 17 deletions

View File

@ -88,7 +88,7 @@ bool User::canAccess( int monitor_id ) {
// Function to load a user from username and password
// Please note that in auth relay mode = none, password is NULL
User *zmLoadUser( const char *username, const char *password ) {
char sql[ZM_SQL_SML_BUFSIZ] = "";
char sql[ZM_SQL_MED_BUFSIZ] = "";
char safer_username[65]; // current db username size is 32
// According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
@ -97,9 +97,14 @@ User *zmLoadUser( const char *username, const char *password ) {
if ( password ) {
char safer_password[129]; // current db password size is 64
mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) );
snprintf( sql, sizeof(sql), "select Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", safer_username, safer_password );
snprintf(sql, sizeof(sql),
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
" FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1",
safer_username, safer_password );
} else {
snprintf( sql, sizeof(sql), "select Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Enabled = 1", safer_username );
snprintf(sql, sizeof(sql),
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
" FROM Users where Username = '%s' and Enabled = 1", safer_username );
}
if ( mysql_query(&dbconn, sql) ) {
@ -117,7 +122,7 @@ User *zmLoadUser( const char *username, const char *password ) {
if ( n_users != 1 ) {
mysql_free_result(result);
Warning("Unable to authenticate user %s", username);
return( 0 );
return NULL;
}
MYSQL_ROW dbrow = mysql_fetch_row(result);