db: Quote the IMEI string before passing it into the database.

commit: f64a20f2e8633230219f471563bf96e9acf07045 [log] [tgz]
author: Holger Hans Peter Freyther <zecke@selfish.org> Sun Dec 26 20:04:49 2010 +0100
committer: Holger Hans Peter Freyther <zecke@selfish.org> Sun Dec 26 21:19:29 2010 +0100
tree: 7622aef13a436179bd95dc47ac07ca0ae5469b5f
parent: 9d3e2ec6985b85d8ef763d3cae5de43deffb03c9 [diff] [blame]
diff --git a/openbsc/src/db.c b/openbsc/src/db.c
index 2051288..4847fb0 100644
--- a/openbsc/src/db.c
+++ b/openbsc/src/db.c

@@ -738,6 +738,7 @@
 {
 	dbi_result result;
 	unsigned char *cm2, *cm3;
+	char *q_imei;
 	u_int8_t classmark1;
 
 	memcpy(&classmark1, &equip->classmark1, sizeof(classmark1));
@@ -755,6 +756,7 @@
 				   equip->classmark2_len, &cm2);
 	dbi_conn_quote_binary_copy(conn, equip->classmark3,
 				   equip->classmark3_len, &cm3);
+	dbi_conn_quote_string_copy(conn, equip->imei, &q_imei);
 
 	result = dbi_conn_queryf(conn,
 		"UPDATE Equipment SET "
@@ -762,11 +764,12 @@
 			"classmark1 = %u, "
 			"classmark2 = %s, "
 			"classmark3 = %s "
-		"WHERE imei = '%s' ",
-		classmark1, cm2, cm3, equip->imei);
+		"WHERE imei = %s ",
+		classmark1, cm2, cm3, q_imei);
 
 	free(cm2);
 	free(cm3);
+	free(q_imei);
 
 	if (!result) {
 		LOGP(DDB, LOGL_ERROR, "Failed to update Equipment\n");
commit	f64a20f2e8633230219f471563bf96e9acf07045	[log] [tgz]
author	Holger Hans Peter Freyther <zecke@selfish.org>	Sun Dec 26 20:04:49 2010 +0100
committer	Holger Hans Peter Freyther <zecke@selfish.org>	Sun Dec 26 21:19:29 2010 +0100
tree	7622aef13a436179bd95dc47ac07ca0ae5469b5f
parent	9d3e2ec6985b85d8ef763d3cae5de43deffb03c9 [diff] [blame]