diff --git a/security/cyrus-sasl2-sql/Makefile b/security/cyrus-sasl2-sql/Makefile
index 471cc4038e0f..c8ef4ce4f261 100644
--- a/security/cyrus-sasl2-sql/Makefile
+++ b/security/cyrus-sasl2-sql/Makefile
@@ -1,27 +1,28 @@
 PKGNAMESUFFIX= -sql
+PORTREVISION= 1
 COMMENT= SASL SQL plugins
 OPTIONS_DEFINE= MYSQL PGSQL
 OPTIONS_RADIO= SQLITE
 OPTIONS_RADIO_SQLITE= SQLITE2 SQLITE3
 OPTIONS_DEFAULT= MYSQL
 OPTIONS_SUB= yes
 MYSQL_USES= mysql
 MYSQL_CONFIGURE_ON= --with-mysql=${LOCALBASE}
 MYSQL_CONFIGURE_OFF= --without-mysql
 PGSQL_USES= pgsql
 PGSQL_CONFIGURE_ON= --with-pgsql=${LOCALBASE}
 PGSQL_CONFIGURE_OFF= --without-pgsql
 SQLITE2_USES= sqlite:2
 SQLITE2_CONFIGURE_ON= --with-sqlite=${LOCALBASE}
 SQLITE2_CONFIGURE_OFF= --without-sqlite
 SQLITE3_USES= sqlite:3
 SQLITE3_CONFIGURE_ON= --with-sqlite3=${LOCALBASE}
 SQLITE3_CONFIGURE_OFF= --without-sqlite3
 CONFIGURE_ARGS+= --enable-sql
 .include "${.CURDIR}/../../security/cyrus-sasl2/Makefile.common"
diff --git a/security/cyrus-sasl2/files/patch-plugins__sql.c b/security/cyrus-sasl2/files/patch-plugins__sql.c
new file mode 100644
index 000000000000..1983317092bf
--- /dev/null
+++ b/security/cyrus-sasl2/files/patch-plugins__sql.c
@@ -0,0 +1,66 @@
+--- plugins/sql.c.orig 2016-12-10 15:45:55 UTC
++++ plugins/sql.c
+@@ -1150,6 +1150,7 @@ static int sql_auxprop_store(void *glob_context,
+ char *statement = NULL;
+ char *escap_userid = NULL;
+ char *escap_realm = NULL;
++ char *escap_passwd = NULL;
+ const char *cmd;
+
+ sql_settings_t *settings;
+@@ -1221,6 +1222,11 @@ static int sql_auxprop_store(void *glob_context,
+ "Unable to begin transaction\n");
+ }
+ for (cur = to_store; ret == SASL_OK && cur->name; cur++) {
++ /* Free the buffer, current content is from previous loop. */
++ if (escap_passwd) {
++ sparams->utils->free(escap_passwd);
++ escap_passwd = NULL;
++ }
+
+ if (cur->name[0] == '*') {
+ continue;
+@@ -1242,19 +1248,32 @@ static int sql_auxprop_store(void *glob_context,
+ }
+ sparams->utils->free(statement);
+
++ if (cur->values[0]) {
++ escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1);
++ if (!escap_passwd) {
++ ret = SASL_NOMEM;
++ break;
++ }
++ settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]);
++ }
++
+ /* create a statement that we will use */
+ statement = sql_create_statement(cmd, cur->name, escap_userid,
+ escap_realm,
+- cur->values && cur->values[0] ?
+- cur->values[0] : SQL_NULL_VALUE,
++ escap_passwd ?
++ escap_passwd : SQL_NULL_VALUE,
+ sparams->utils);
++ if (!statement) {
++ ret = SASL_NOMEM;
++ break;
++ }
+
+ {
+ char *log_statement =
+ sql_create_statement(cmd, cur->name,
+ escap_userid,
+ escap_realm,
+- cur->values && cur->values[0] ?
++ escap_passwd ?
+ "" : SQL_NULL_VALUE,
+ sparams->utils);
+ sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
+@@ -1287,6 +1306,7 @@ static int sql_auxprop_store(void *glob_context,
+ done:
+ if (escap_userid) sparams->utils->free(escap_userid);
+ if (escap_realm) sparams->utils->free(escap_realm);
++ if (escap_passwd) sparams->utils->free(escap_passwd);
+ if (conn) settings->sql_engine->sql_close(conn);
+ if (userid) sparams->utils->free(userid);
+ if (realm) sparams->utils->free(realm);
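Review bot: The added `if (cur->values[0])` test in the third inner hunk dereferences `cur->values` without the NULL check that the replaced expression `cur->values && cur->values[0]` carried, so an entry whose `values` pointer is NULL would now fault here instead of falling through to `SQL_NULL_VALUE`. Whether such an entry can reach this loop is not visible in the hunk, so keeping the guard is the safe form: `if (cur->values && cur->values[0]) {`. The `strlen(cur->values[0])*2+1` allocation also depends on every engine's `sql_escape_str` writing at most two bytes per input byte plus the terminator, since the callback takes no destination size. A comment next to the `malloc` should state that contract, for example `/* worst case: every byte escaped, plus NUL; sql_escape_str gets no size */`. `sql_auxprop_store` begins and ends outside the quoted inner hunks, so the rollback path taken after the new `break` statements cannot be checked from here.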