From a5786a2035f2a9607878774f9c308e433aa4df7d Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Fri, 25 Nov 2011 11:14:21 +0100
Subject: [PATCH] fix more sql injections

https://bugs.freedesktop.org/show_bug.cgi?id=42904
---
 src/cd-device-db.c |   42 +++++++++++++++++++++---------------------
 1 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/src/cd-device-db.c b/src/cd-device-db.c
index 808a338..e69fa64 100644
--- a/src/cd-device-db.c
+++ b/src/cd-device-db.c
@@ -151,8 +151,8 @@ cd_device_db_add (CdDeviceDb *ddb,
 	g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
 
 	g_debug ("CdDeviceDb: add device %s", device_id);
-	statement = g_strdup_printf ("INSERT INTO devices (device_id) "
-				     "VALUES ('%s')",
+	statement = sqlite3_mprintf ("INSERT INTO devices (device_id) "
+				     "VALUES ('%q')",
 				     device_id);
 
 	/* insert the entry */
@@ -168,7 +168,7 @@ cd_device_db_add (CdDeviceDb *ddb,
 		goto out;
 	}
 out:
-	g_free (statement);
+	sqlite3_free (statement);
 	return ret;
 }
 
@@ -191,9 +191,9 @@ cd_device_db_set_property (CdDeviceDb *ddb,
 	g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
 
 	g_debug ("CdDeviceDb: add device %s [%s=%s]", device_id, property, value);
-	statement = g_strdup_printf ("INSERT INTO properties (device_id, "
+	statement = sqlite3_mprintf ("INSERT INTO properties (device_id, "
 				     "property, value) "
-				     "VALUES ('%s', '%s', '%s')",
+				     "VALUES ('%q', '%q', '%q')",
 				     device_id, property, value);
 
 	/* insert the entry */
@@ -209,7 +209,7 @@ cd_device_db_set_property (CdDeviceDb *ddb,
 		goto out;
 	}
 out:
-	g_free (statement);
+	sqlite3_free (statement);
 	return ret;
 }
 
@@ -232,8 +232,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
 
 	/* remove the entry */
 	g_debug ("CdDeviceDb: remove device %s", device_id);
-	statement1 = g_strdup_printf ("DELETE FROM devices WHERE "
-				     "device_id = '%s';",
+	statement1 = sqlite3_mprintf ("DELETE FROM devices WHERE "
+				     "device_id = '%q';",
 				     device_id);
 	rc = sqlite3_exec (ddb->priv->db, statement1, NULL, NULL, &error_msg);
 	if (rc != SQLITE_OK) {
@@ -246,8 +246,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
 		ret = FALSE;
 		goto out;
 	}
-	statement2 = g_strdup_printf ("DELETE FROM properties WHERE "
-				     "device_id = '%s';",
+	statement2 = sqlite3_mprintf ("DELETE FROM properties WHERE "
+				     "device_id = '%q';",
 				     device_id);
 	rc = sqlite3_exec (ddb->priv->db, statement2, NULL, NULL, &error_msg);
 	if (rc != SQLITE_OK) {
@@ -261,8 +261,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
 		goto out;
 	}
 out:
-	g_free (statement1);
-	g_free (statement2);
+	sqlite3_free (statement1);
+	sqlite3_free (statement2);
 	return ret;
 }
 
@@ -302,9 +302,9 @@ cd_device_db_get_property (CdDeviceDb *ddb,
 	g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
 
 	g_debug ("CdDeviceDb: get property %s for %s", property, device_id);
-	statement = g_strdup_printf ("SELECT value FROM properties WHERE "
-				     "device_id = '%s' AND "
-				     "property = '%s' LIMIT 1;",
+	statement = sqlite3_mprintf ("SELECT value FROM properties WHERE "
+				     "device_id = '%q' AND "
+				     "property = '%q' LIMIT 1;",
 				     device_id, property);
 
 	/* remove the entry */
@@ -338,7 +338,7 @@ cd_device_db_get_property (CdDeviceDb *ddb,
 	value = g_strdup (g_ptr_array_index (array_tmp, 0));
 out:
 	g_ptr_array_unref (array_tmp);
-	g_free (statement);
+	sqlite3_free (statement);
 	return value;
 }
 
@@ -360,7 +360,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb,
 
 	/* get all the devices */
 	g_debug ("CdDeviceDb: get devices");
-	statement = g_strdup_printf ("SELECT device_id FROM devices;");
+	statement = sqlite3_mprintf ("SELECT device_id FROM devices;");
 	array_tmp = g_ptr_array_new_with_free_func (g_free);
 	rc = sqlite3_exec (ddb->priv->db,
 			   statement,
@@ -381,7 +381,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb,
 	array = g_ptr_array_ref (array_tmp);
 out:
 	g_ptr_array_unref (array_tmp);
-	g_free (statement);
+	sqlite3_free (statement);
 	return array;
 }
 
@@ -404,8 +404,8 @@ cd_device_db_get_properties (CdDeviceDb *ddb,
 
 	/* get all the devices */
 	g_debug ("CdDeviceDb: get properties for device %s", device_id);
-	statement = g_strdup_printf ("SELECT property FROM properties "
-				     "WHERE device_id = '%s';",
+	statement = sqlite3_mprintf ("SELECT property FROM properties "
+				     "WHERE device_id = '%q';",
 				     device_id);
 	array_tmp = g_ptr_array_new_with_free_func (g_free);
 	rc = sqlite3_exec (ddb->priv->db,
@@ -427,7 +427,7 @@ cd_device_db_get_properties (CdDeviceDb *ddb,
 	array = g_ptr_array_ref (array_tmp);
 out:
 	g_ptr_array_unref (array_tmp);
-	g_free (statement);
+	sqlite3_free (statement);
 	return array;
 }
 
-- 
1.7.7