mirror of
https://bitbucket.org/jsuto/piler.git
synced 2024-12-24 18:30:11 +01:00
Fixed sql query to manticore
Signed-off-by: Janos SUTO <sj@acts.hu>
This commit is contained in:
parent
092301e6a6
commit
9cfe92153f
@ -114,7 +114,6 @@
|
||||
#define SQL_PREPARED_STMT_GET_META_ID_BY_MESSAGE_ID "SELECT id, piler_id FROM " SQL_METADATA_TABLE " WHERE message_id=?"
|
||||
#define SQL_PREPARED_STMT_INSERT_INTO_RCPT_TABLE "INSERT INTO " SQL_RECIPIENT_TABLE " (`id`,`to`,`todomain`) VALUES(?,?,?)"
|
||||
#define SQL_PREPARED_STMT_INSERT_INTO_SPHINX_TABLE "INSERT INTO " SQL_SPHINX_TABLE " (`id`, `from`, `to`, `fromdomain`, `todomain`, `subject`, `body`, `arrived`, `sent`, `size`, `direction`, `folder`, `attachments`, `attachment_types`) values(?,?,?,?,?,?,?,?,?,?,?,?,?,?)"
|
||||
#define SQL_PREPARED_STMT_INSERT_INTO_RT_TABLE "INSERT INTO piler1 (id, sender, rcpt, senderdomain, rcptdomain, subject, body, arrived, sent, size, direction, folder, attachments, attachment_types) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?)"
|
||||
#define SQL_PREPARED_STMT_INSERT_INTO_META_TABLE "INSERT INTO " SQL_METADATA_TABLE " (`from`,`fromdomain`,`subject`,`spam`,`arrived`,`sent`,`retained`,`size`,`hlen`,`direction`,`attachments`,`piler_id`,`message_id`,`reference`,`digest`,`bodydigest`,`vcode`) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"
|
||||
#define SQL_PREPARED_STMT_INSERT_INTO_ATTACHMENT_TABLE "INSERT INTO " SQL_ATTACHMENT_TABLE " (`piler_id`,`attachment_id`,`sig`,`name`,`type`,`size`,`ptr`) VALUES(?,?,?,?,?,?,?)"
|
||||
#define SQL_PREPARED_STMT_GET_ATTACHMENT_ID_BY_SIGNATURE "SELECT `id` FROM `" SQL_ATTACHMENT_TABLE "` WHERE `sig`=? AND `ptr`=0 AND `size`=?"
|
||||
|
@ -31,12 +31,6 @@ int store_index_data(struct session_data *sdata, struct parser_state *state, str
|
||||
if(*subj == ' ') subj++;
|
||||
|
||||
|
||||
if(cfg->rtindex){
|
||||
if(prepare_sphx_statement(sdata, &sql, SQL_PREPARED_STMT_INSERT_INTO_RT_TABLE) == ERR) return rc;
|
||||
} else {
|
||||
if(prepare_sql_statement(sdata, &sql, SQL_PREPARED_STMT_INSERT_INTO_SPHINX_TABLE) == ERR) return rc;
|
||||
}
|
||||
|
||||
fix_email_address_for_sphinx(state->b_from);
|
||||
fix_email_address_for_sphinx(state->b_sender);
|
||||
fix_email_address_for_sphinx(state->b_to);
|
||||
@ -49,6 +43,54 @@ int store_index_data(struct session_data *sdata, struct parser_state *state, str
|
||||
sender_domain = state->b_sender_domain;
|
||||
}
|
||||
|
||||
if(cfg->rtindex){
|
||||
// Manticore doesn't support prepared statements using sphinxQL
|
||||
// so we have to go through a painful query assembly escaping
|
||||
// the untrusted input
|
||||
//
|
||||
char a[4*MAXBUFSIZE+4*SMALLBUFSIZE];
|
||||
char *query=NULL;
|
||||
|
||||
snprintf(a, sizeof(a)-1, "INSERT INTO %s (id, arrived, sent, size, direction, folder, attachments, attachment_types, senderdomain, rcptdomain, sender, rcpt, subject, body) VALUES (%llu, %ld, %ld, %d, %d, %d, %d, '%s', '%s', '%s', '", cfg->sphinxdb, id, sdata->now, sdata->sent, sdata->tot_len, sdata->direction, data->folder, state->n_attachments, sdata->attachments, sender_domain, state->b_to_domain);
|
||||
|
||||
int ret = append_string_to_buffer(&query, a);
|
||||
|
||||
unsigned long len = strlen(sender);
|
||||
char *s = calloc(1, 2*len+1);
|
||||
mysql_real_escape_string(&(sdata->sphx), s, sender, len);
|
||||
ret += append_string_to_buffer(&query, s);
|
||||
free(s);
|
||||
ret += append_string_to_buffer(&query, "','");
|
||||
|
||||
len = strlen(state->b_to);
|
||||
s = calloc(1, 2*len+1);
|
||||
mysql_real_escape_string(&(sdata->sphx), s, state->b_to, len);
|
||||
ret += append_string_to_buffer(&query, s);
|
||||
free(s);
|
||||
ret += append_string_to_buffer(&query, "','");
|
||||
|
||||
len = strlen(subj);
|
||||
s = calloc(1, 2*len+1);
|
||||
mysql_real_escape_string(&(sdata->sphx), s, subj, len);
|
||||
ret += append_string_to_buffer(&query, s);
|
||||
free(s);
|
||||
ret += append_string_to_buffer(&query, "','");
|
||||
|
||||
len = strlen(state->b_body);
|
||||
s = calloc(1, 2*len+1);
|
||||
mysql_real_escape_string(&(sdata->sphx), s, state->b_body, len);
|
||||
ret += append_string_to_buffer(&query, s);
|
||||
free(s);
|
||||
ret += append_string_to_buffer(&query, "')");
|
||||
|
||||
if(mysql_real_query(&(sdata->sphx), query, strlen(query)) == OK) rc = OK;
|
||||
else syslog(LOG_PRIORITY, "ERROR: %s failed to store index data for id=%llu, errno=%d, append ret=%d", sdata->ttmpfile, id, mysql_errno(&(sdata->sphx)), ret);
|
||||
|
||||
free(query);
|
||||
}
|
||||
else {
|
||||
if(prepare_sql_statement(sdata, &sql, SQL_PREPARED_STMT_INSERT_INTO_SPHINX_TABLE) == ERR) return rc;
|
||||
|
||||
p_bind_init(&sql);
|
||||
|
||||
sql.sql[sql.pos] = (char *)&id; sql.type[sql.pos] = TYPE_LONGLONG; sql.pos++;
|
||||
@ -70,6 +112,7 @@ int store_index_data(struct session_data *sdata, struct parser_state *state, str
|
||||
else syslog(LOG_PRIORITY, "ERROR: %s failed to store index data for id=%llu, sql_errno=%d", sdata->ttmpfile, id, sdata->sql_errno);
|
||||
|
||||
close_prepared_statement(&sql);
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
26
src/misc.c
26
src/misc.c
@ -755,3 +755,29 @@ char *strcasestr(const char *s, const char *find){
|
||||
return((char*)s);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
int append_string_to_buffer(char **buffer, char *str){
|
||||
int arglen;
|
||||
char *s=NULL;
|
||||
|
||||
arglen = strlen(str);
|
||||
|
||||
if(!*buffer){
|
||||
*buffer = malloc(arglen+1);
|
||||
memset(*buffer, 0, arglen+1);
|
||||
memcpy(*buffer, str, arglen);
|
||||
}
|
||||
else {
|
||||
int len = strlen(*buffer);
|
||||
s = realloc(*buffer, len + arglen+1);
|
||||
if(!s) return 1;
|
||||
|
||||
*buffer = s;
|
||||
|
||||
memset(*buffer+len, 0, arglen+1);
|
||||
memcpy(*buffer+len, str, arglen);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -54,4 +54,6 @@ int init_ssl_to_server(struct data *data);
|
||||
char *strcasestr(const char *s, const char *find);
|
||||
#endif
|
||||
|
||||
int append_string_to_buffer(char **buffer, char *str);
|
||||
|
||||
#endif /* _MISC_H */
|
||||
|
17
src/mysql.c
17
src/mysql.c
@ -254,23 +254,6 @@ int prepare_sql_statement(struct session_data *sdata, struct sql *sql, char *s){
|
||||
}
|
||||
|
||||
|
||||
int prepare_sphx_statement(struct session_data *sdata, struct sql *sql, char *s){
|
||||
|
||||
sql->stmt = mysql_stmt_init(&(sdata->sphx));
|
||||
if(!(sql->stmt)){
|
||||
syslog(LOG_PRIORITY, "%s: error: mysql_stmt_init()", sdata->ttmpfile);
|
||||
return ERR;
|
||||
}
|
||||
|
||||
if(mysql_stmt_prepare(sql->stmt, s, strlen(s))){
|
||||
syslog(LOG_PRIORITY, "%s: error: mysql_stmt_prepare() %s => sql: %s", sdata->ttmpfile, mysql_stmt_error(sql->stmt), s);
|
||||
return ERR;
|
||||
}
|
||||
|
||||
return OK;
|
||||
}
|
||||
|
||||
|
||||
void close_prepared_statement(struct sql *sql){
|
||||
if(sql->stmt) mysql_stmt_close(sql->stmt);
|
||||
}
|
||||
|
@ -137,32 +137,6 @@ int append_email_to_buffer(char **buffer, char *email){
|
||||
}
|
||||
|
||||
|
||||
int append_string_to_buffer(char **buffer, char *str){
|
||||
int arglen;
|
||||
char *s=NULL;
|
||||
|
||||
arglen = strlen(str);
|
||||
|
||||
if(!*buffer){
|
||||
*buffer = malloc(arglen+1);
|
||||
memset(*buffer, 0, arglen+1);
|
||||
memcpy(*buffer, str, arglen);
|
||||
}
|
||||
else {
|
||||
int len = strlen(*buffer);
|
||||
s = realloc(*buffer, len + arglen+1);
|
||||
if(!s) return 1;
|
||||
|
||||
*buffer = s;
|
||||
|
||||
memset(*buffer+len, 0, arglen+1);
|
||||
memcpy(*buffer+len, str, arglen);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
uint64 run_query(struct session_data *sdata, struct session_data *sdata2, char *where_condition, uint64 last_id, int *num, struct config *cfg){
|
||||
MYSQL_ROW row;
|
||||
uint64 id=0;
|
||||
|
@ -11,7 +11,6 @@ int open_sphx(struct session_data *sdata, struct config *cfg);
|
||||
void close_database(struct session_data *sdata);
|
||||
void close_sphx(struct session_data *sdata);
|
||||
int prepare_sql_statement(struct session_data *sdata, struct sql *sql, char *s);
|
||||
int prepare_sphx_statement(struct session_data *sdata, struct sql *sql, char *s);
|
||||
void p_query(struct session_data *sdata, char *s);
|
||||
int p_exec_stmt(struct session_data *sdata, struct sql *sql);
|
||||
int p_store_results(struct sql *sql);
|
||||
|
Loading…
Reference in New Issue
Block a user