From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 From: Paul Howarth To: git-commits@fedoraproject.org Subject: [rpms/proftpd] f44: Address another avenue for SQL injection, via custom SQLUserInfo queries Date: Mon, 08 Jun 2026 15:14:14 GMT Message-ID: <178093165456.1.16746797143159619641.rpms-proftpd-d1dff165e1a0@fedoraproject.org> List-ID: X-Git-Repo: rpms/proftpd X-Git-Branch: f44 X-Git-Rev: d1dff165e1a0a24198402deaf3fcee27c28d22e8 QSBuZXcgY29tbWl0IGhhcyBiZWVuIHB1c2hlZC4KClJlcG8gICA6IHJwbXMvcHJvZnRwZApCcmFu Y2ggOiBmNDQKQ29tbWl0IDogZDFkZmYxNjVlMWEwYTI0MTk4NDAyZGVhZjNmY2VlMjdjMjhkMjJl OApBdXRob3IgOiBQYXVsIEhvd2FydGggPHBhdWxAY2l0eS1mYW4ub3JnPgpEYXRlICAgOiAyMDI2 LTA1LTIwVDA5OjM1OjU5KzAxOjAwClN0YXRzICA6ICszNS8tMSBpbiAyIGZpbGUocykKVVJMICAg IDogaHR0cHM6Ly9zcmMuZmVkb3JhcHJvamVjdC5vcmcvcnBtcy9wcm9mdHBkL2MvZDFkZmYxNjVl MWEwYTI0MTk4NDAyZGVhZjNmY2VlMjdjMjhkMjJlOD9icmFuY2g9ZjQ0CgpMb2c6CkFkZHJlc3Mg YW5vdGhlciBhdmVudWUgZm9yIFNRTCBpbmplY3Rpb24sIHZpYSBjdXN0b20gU1FMVXNlckluZm8g cXVlcmllcwoKLS0tCmRpZmYgLS1naXQgYS8xYTVjZTY0Ni5wYXRjaCBiLzFhNWNlNjQ2LnBhdGNo Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLmU0YTcxNjgKLS0tIC9kZXYvbnVs bAorKysgYi8xYTVjZTY0Ni5wYXRjaApAQCAtMCwwICsxLDI3IEBACitGcm9tIDFhNWNlNjQ2Nzc1 NmU5MmY0MmY4OWM1M2YwZjM3MGRjMGYwMjA2ZDcgTW9uIFNlcCAxNyAwMDowMDowMCAyMDAxCitG cm9tOiBUSiBTYXVuZGVycyA8dGpAY2FzdGFnbGlhLm9yZz4KK0RhdGU6IFR1ZSwgMTkgTWF5IDIw MjYgMDg6MDE6MTEgLTA3MDAKK1N1YmplY3Q6IFtQQVRDSF0gSXNzdWUgIzIwNTI6IEFkZHJlc3Mg YW5vdGhlciBhdmVudWUgZm9yIFNRTCBpbmplY3Rpb24sIHZpYQorIGN1c3RvbSBTUUxVc2VySW5m byBxdWVyaWVzLgorCistLS0KKyBjb250cmliL21vZF9zcWwuYyB8IDUgKysrKy0KKyAxIGZpbGUg Y2hhbmdlZCwgNCBpbnNlcnRpb25zKCspLCAxIGRlbGV0aW9uKC0pCisKK2RpZmYgLS1naXQgYS9j b250cmliL21vZF9zcWwuYyBiL2NvbnRyaWIvbW9kX3NxbC5jCitpbmRleCBiOTA3MjU5NDIuLmQy OGI0ODNkMSAxMDA2NDQKKy0tLSBhL2NvbnRyaWIvbW9kX3NxbC5jCisrKysgYi9jb250cmliL21v ZF9zcWwuYworQEAgLTE5OTksOCArMTk5OSwxMSBAQCBzdGF0aWMgc3RydWN0IHBhc3N3ZCAqc3Fs X2dldHBhc3N3ZChjbWRfcmVjICpjbWQsIHN0cnVjdCBwYXNzd2QgKnApIHsKKyAgICAgICB9Cisg CisgICAgIH0gZWxzZSB7CisrICAgICAgLyogVGhlIHVzZXJuYW1lIGhhcyBiZWVuIGVzY2FwZWQg YWNjb3JkaW5nIHRvIHRoZSBiYWNrZW5kIGRhdGFiYXNlJyBydWxlcworKyAgICAgICAqIGF0IHRo aXMgcG9pbnQuCisrICAgICAgICovCisgICAgICAgbXIgPSBzcWxfbG9va3VwKHNxbF9tYWtlX2Nt ZChjbWQtPnRtcF9wb29sLCAzLCBNT0RfU1FMX0RFRl9DT05OX05BTUUsCistICAgICAgICBjbWFw LnVzZXJjdXN0b20sIHJlYWxuYW1lID8gcmVhbG5hbWUgOiAiTlVMTCIpKTsKKysgICAgICAgIGNt YXAudXNlcmN1c3RvbSwgdXNlcm5hbWUgPyB1c2VybmFtZSA6ICJOVUxMIikpOworIAorICAgICAg IGlmIChjaGVja19yZXNwb25zZShtciwgMCkgPCAwKSB7CisgICAgICAgICByZXR1cm4gTlVMTDsK CmRpZmYgLS1naXQgYS9wcm9mdHBkLnNwZWMgYi9wcm9mdHBkLnNwZWMKaW5kZXggZDM2NjA5Yy4u NmYyMDM5NiAxMDA2NDQKLS0tIGEvcHJvZnRwZC5zcGVjCisrKyBiL3Byb2Z0cGQuc3BlYwpAQCAt MTcsNyArMTcsNyBAQAogJXVuZGVmaW5lIF9zdHJpY3Rfc3ltYm9sX2RlZnNfYnVpbGQKIAogI2ds b2JhbCBwcmV2ZXIgcmM0Ci0lZ2xvYmFsIGJhc2VyZWxlYXNlIDIKKyVnbG9iYWwgYmFzZXJlbGVh c2UgMwogJWdsb2JhbCBtb2RfcHJveHlfdmVyc2lvbiAwLjkuNQogJWdsb2JhbCBtb2RfdnJvb3Rf dmVyc2lvbiAwLjkuMTIKIApAQCAtNDcsNiArNDcsNyBAQCBQYXRjaDExOgkJaHR0cHM6Ly9naXRo dWIuY29tL3Byb2Z0cGQvcHJvZnRwZC9jb21taXQvMDRkODk5NTcucGF0Y2gKIFBhdGNoMTI6CQlo dHRwczovL2dpdGh1Yi5jb20vcHJvZnRwZC9wcm9mdHBkL2NvbW1pdC83ZTA3NmU4NC5wYXRjaAog UGF0Y2gxMzoJCWh0dHBzOi8vZ2l0aHViLmNvbS9wcm9mdHBkL3Byb2Z0cGQvY29tbWl0LzA3Nzk3 YWJhLnBhdGNoCiBQYXRjaDE0OgkJaHR0cHM6Ly9naXRodWIuY29tL3Byb2Z0cGQvcHJvZnRwZC9j b21taXQvNWUwNmFjYzQucGF0Y2gKK1BhdGNoMTU6CQlodHRwczovL2dpdGh1Yi5jb20vcHJvZnRw ZC9wcm9mdHBkL2NvbW1pdC8xYTVjZTY0Ni5wYXRjaAogCiBCdWlsZFJlcXVpcmVzOgkJY29yZXV0 aWxzCiBCdWlsZFJlcXVpcmVzOgkJZ2NjCkBAIC0yMzksNiArMjQwLDkgQEAgbXYgY29udHJpYi9S RUFETUUgY29udHJpYi9SRUFETUUuY29udHJpYgogJXBhdGNoIC1QIDEzIC1wMQogJXBhdGNoIC1Q IDE0IC1wMQogCisjIEFkZHJlc3MgYW5vdGhlciBhdmVudWUgZm9yIFNRTCBpbmplY3Rpb24sIHZp YSBjdXN0b20gU1FMVXNlckluZm8gcXVlcmllcworJXBhdGNoIC1QIDE1IC1wMQorCiAjIFR3ZWFr IGxvZ3JvdGF0ZSBzY3JpcHQgZm9yIHN5c3RlbWQgY29tcGF0aWJpbGl0eSAoIzgwMjE3OCkKIHNl ZCAtaSAtZSAnL2tpbGxhbGwvcy90ZXN0Liovc3lzdGVtY3RsIHRyeS1yZWxvYWQtb3ItcmVzdGFy dCBwcm9mdHBkLnNlcnZpY2UvJyBcCiAJY29udHJpYi9kaXN0L3JwbS9wcm9mdHBkLmxvZ3JvdGF0 ZQpAQCAtNDc2LDYgKzQ4MCw5IEBAIGZpCiAle19tYW5kaXJ9L21hbjEvZnRwd2hvLjEqCiAKICVj aGFuZ2Vsb2cKKyogVHVlIE1heSAxOSAyMDI2IFBhdWwgSG93YXJ0aCA8cGF1bEBjaXR5LWZhbi5v cmc+IC0gMS4zLjlhLTMKKy0gQWRkcmVzcyBhbm90aGVyIGF2ZW51ZSBmb3IgU1FMIGluamVjdGlv biwgdmlhIGN1c3RvbSBTUUxVc2VySW5mbyBxdWVyaWVzCisKICogTW9uIE1heSAxMSAyMDI2IFBh dWwgSG93YXJ0aCA8cGF1bEBjaXR5LWZhbi5vcmc+IC0gMS4zLjlhLTIKIC0gQWRkaXRpb25hbCBl c2NhcGluZyBmb3IgYXZvaWRhbmNlIG9mIFNRTCBpbmplY3Rpb24gaXNzdWVzIHdpdGggJSV7bm90 ZTouLi59CiAgIGFuZCAlJXtlbnY6Li4ufTsgdGhlc2UgYXJlIG9uIHRvcCBvZiB0aGUgZXhpc3Rp bmcgZml4IGZvciBDVkUtMjAyNi00MjE2NyBpbgo=