Bug #23242 for DBD-SQLite: "Unknown named parameter" when binding tainted parameter

Tue Nov 14 08:54:58 2006 ckatz [...] cfa.harvard.edu - Ticket created

Subject:	"Unknown named parameter" when binding tainted parameter
Date:	Tue, 14 Nov 2006 08:54:33 -0500
To:	bug-DBD-SQLite [...] rt.cpan.org
From:	Charlie Katz <ckatz [...] cfa.harvard.edu>

With perl in taint mode, executing a SQL statement with a tainted parameter argument causes "Unknown named parameter". This situation occurs when accessing SQLite via Class::DBI under mod_perl, for example. I don't understand enough about the internals to know for sure that this is a DBD::SQLite bug, but the problem does not occur with DBD::SQLite2, with all other code identical. Thanks for your attention. ---------------------------------------------------------------------------------------------------------------------------------- #!/usr/bin/perl -wT # % sqlite3 test_case.sqlite3 # sqlite> CREATE TABLE example ( id INTEGER ); # sqlite> INSERT INTO example VALUES(1); # sqlite> ^D use DBI; use Taint 'taint'; my $dbh = DBI->connect('dbi:SQLite:test_case.sqlite3'); # # with DBI->connect('dbi:SQLite2:test_case.sqlite2'); # and a SQLite2 database, no error my $sth = $dbh->prepare("SELECT * FROM example WHERE id=?"); my $val = 1; taint $val; $sth->execute($val); --------------------------------------------------------------------------------------------------------------------------------- Linux 2.6.15-23-686 perl 5.8.7 DBI 1.52 DBD::SQLite 1.13

Wed Nov 22 11:47:42 2006 ckatz [...] cfa.harvard.edu - Correspondence added

From:

ckatz [...] cfa.harvard.edu

This behavior appears to be new in DBD-SQLite 1.13. I've tried 1.12 and 1.11 and the problem hasn't appeared. On Tue Nov 14 08:54:58 2006, ckatz@cfa.harvard.edu wrote: Show quoted text

> With perl in taint mode, executing a SQL statement with a tainted > parameter > argument causes "Unknown named parameter". This situation occurs when > accessing SQLite via Class::DBI under mod_perl, for example. > > I don't understand enough about the internals to know for sure that > this is a > DBD::SQLite bug, but the problem does not occur with DBD::SQLite2, > with all > other code identical. > > Thanks for your attention. > >

---------------------------------------------------------------------------------------------------------------------------------- Show quoted text

> #!/usr/bin/perl -wT > > # % sqlite3 test_case.sqlite3 > # sqlite> CREATE TABLE example ( id INTEGER ); > # sqlite> INSERT INTO example VALUES(1); > # sqlite> ^D > > use DBI; > use Taint 'taint'; > > my $dbh = DBI->connect('dbi:SQLite:test_case.sqlite3'); > # > # with DBI->connect('dbi:SQLite2:test_case.sqlite2'); > # and a SQLite2 database, no error > > my $sth = $dbh->prepare("SELECT * FROM example WHERE id=?"); > > my $val = 1; > taint $val; > $sth->execute($val); >

--------------------------------------------------------------------------------------------------------------------------------- Show quoted text

> > Linux 2.6.15-23-686 > perl 5.8.7 > DBI 1.52 > DBD::SQLite 1.13

Fri May 04 07:43:44 2007 gregor+debian [...] comodo.priv.at - Correspondence added

Subject:	[rt.cpan.org #23242] Patch in Debian BTS
Date:	Fri, 4 May 2007 13:42:34 +0200
To:	bug-DBD-SQLite [...] rt.cpan.org
From:	gregor herrmann <gregor+debian [...] comodo.priv.at>

This bug was also found by a Debian user who also provides a patch. For details please take a look at http://bugs.debian.org/422209 Cheers, gregor (Debian Perl Group) -- .''`. http://info.comodo.priv.at/ | gpg key ID: 0x00F3CFE4 : :' : debian: the universal operating system - http://www.debian.org/ `. `' member of https://www.vibe.at/ | how to reply: http://got.to/quote/ `- NP: The Doors: Riders On The Storm

Download signature.asc
application/pgp-signature 189b

Message body not shown because it is not plain text.

Fri May 04 07:43:47 2007 The RT System itself - Status changed from 'new' to 'open'

Wed Aug 22 22:13:16 2007 msergeant [...] cpan.org - Correspondence added

Fixed in svn.

Wed Aug 22 22:13:18 2007 msergeant [...] cpan.org - Status changed from 'open' to 'resolved'