The use of sprintf(3) to assemble SQL queries gives rise to a risk of SQL injection vulnerabilities. One has already been spotted, and more details will be posted in the comments of this issue once it is closed. Others may exist.
The immediate solution is to replace all sprintf(3) query assembly code with proper SQLite parameter binding code. A longer term solution must ensure that developers and contributors no longer use sprintf(3) to build queries in future.
The longer term solution is to produce a multi-binding vararg function that can bind many parameters in a single, self-documenting, and easily copied/pasted/hacked form. Since almost all SQL code is written by copying existing code and hacking on it, the uniform use of this function throughout the Serval DNA source code will minimise the chance of reverting to the sprintf(3) method in future. This function will centralise handling of any bind errors (eg, type mismatches), perform convenient parameter format conversions (eg, binary SID to ASCII hex) and may provide other conveniences (eg, logging control) that will compel developers to prefer it over sprintf(3) code.
The use of sprintf(3) to assemble SQL queries gives rise to a risk of SQL injection vulnerabilities. One has already been spotted, and more details will be posted in the comments of this issue once it is closed. Others may exist.
The immediate solution is to replace all sprintf(3) query assembly code with proper SQLite parameter binding code. A longer term solution must ensure that developers and contributors no longer use sprintf(3) to build queries in future.
The longer term solution is to produce a multi-binding vararg function that can bind many parameters in a single, self-documenting, and easily copied/pasted/hacked form. Since almost all SQL code is written by copying existing code and hacking on it, the uniform use of this function throughout the Serval DNA source code will minimise the chance of reverting to the sprintf(3) method in future. This function will centralise handling of any bind errors (eg, type mismatches), perform convenient parameter format conversions (eg, binary SID to ASCII hex) and may provide other conveniences (eg, logging control) that will compel developers to prefer it over sprintf(3) code.