Fix off by one bug in dbvsnprintf, convert noperserv to use safe queries.

diff --git a/dbapi2/dbapi2.c b/dbapi2/dbapi2.c
index cb33c8254c4a427b43e5eb7d79c4f10a6984b929..cd47056072c96f00589e4cd4c8f112b7cd81be83 100644 (file)
--- a/dbapi2/dbapi2.c
+++ b/dbapi2/dbapi2.c
@@ -287,7 +287,7 @@ static void dbvsnprintf(const DBAPIConn *db, char *buf, size_t size, const char
         break;
       continue;
     }
-    p++;
+
     if(arg >= argcount)
       Error("dbapi2", ERR_STOP, "Gone over number of arguments in dbvsnprintf, format: '%s', database: %s", format, db->name);
 

diff --git a/noperserv/noperserv_db.c b/noperserv/noperserv_db.c
index ab30dc58e67b5925222942c94103f49a1d94ad6e..d54ebb952391930dd0d9857f849bed58c636c50e 100644 (file)
--- a/noperserv/noperserv_db.c
+++ b/noperserv/noperserv_db.c
@@ -28,7 +28,7 @@ no_autheduser *authedusers = NULL;
 void noperserv_create_tables(void);
 
 void noperserv_free_user(no_autheduser *au);
-void noperserv_load_users(DBAPIResult *res, void *arg);
+void noperserv_load_users(const DBAPIResult *res, void *arg);
 
 void noperserv_check_nick(nick *np);
 void noperserv_nick_account(int hooknum, void *arg);
@@ -53,13 +53,13 @@ int noperserv_load_db(void) {
 
   noperserv_create_tables();
 
-  nodb->query(nodb, noperserv_load_users, NULL,
-    "SELECT ID, authname, flags, noticelevel FROM %s", nodb->tablename(nodb, "users"));
+  nodb->safequery(nodb, noperserv_load_users, NULL,
+    "SELECT ID, authname, flags, noticelevel FROM ?", "T", "users");
 
   return 1;
 }
 
-void noperserv_load_users(DBAPIResult *res, void *arg) {
+void noperserv_load_users(const DBAPIResult *res, void *arg) {
   no_autheduser *nu;
   nick *np;
   int i;
@@ -103,13 +103,13 @@ void noperserv_load_users(DBAPIResult *res, void *arg) {
 }
 
 void noperserv_create_tables(void) {
-  nodb->createtable(nodb, NULL, NULL,
-    "CREATE TABLE %s ("
+  nodb->safecreatetable(nodb, NULL, NULL,
+    "CREATE TABLE ? ("
       "ID            INT               NOT NULL,"
-      "authname      VARCHAR(%d)       NOT NULL,"
+      "authname      VARCHAR(?)       NOT NULL,"
       "flags         INT               NOT NULL,"
       "noticelevel   INT               NOT NULL,"
-      "PRIMARY KEY (ID))", nodb->tablename(nodb, "users"), ACCOUNTLEN);
+      "PRIMARY KEY (ID))", "Td", "users", ACCOUNTLEN);
 }
 
 void noperserv_cleanup_db(void) {
@@ -155,7 +155,7 @@ void noperserv_delete_autheduser(no_autheduser *au) {
   no_autheduser *ap = authedusers, *lp = NULL;
 
   if(!au->newuser)
-    nodb->squery(nodb, "DELETE FROM %s WHERE id = %lu", nodb->tablename(nodb, "users"), au->id);
+    nodb->safesquery(nodb, "DELETE FROM ? WHERE id = ?", "Tu", "users", au->id);
 
   for(;ap;lp=ap,ap=ap->next) {
     if(ap == au) {
@@ -174,10 +174,10 @@ void noperserv_update_autheduser(no_autheduser *au) {
   if(au->newuser) {
     char escapedauthname[ACCOUNTLEN * 2 + 1];
     nodb->escapestring(nodb, escapedauthname, au->authname->content, au->authname->length);
-    nodb->squery(nodb, "INSERT INTO %s (id, authname, flags, noticelevel) VALUES (%lu,'%s',%u,%u)", nodb->tablename(nodb, "users"), au->id, au->authname->content, NOGetAuthLevel(au), NOGetNoticeLevel(au));
+    nodb->safesquery(nodb, "INSERT INTO ? (id, authname, flags, noticelevel) VALUES (?,?,?,?)", "Tusuu", "users", au->id, au->authname->content, NOGetAuthLevel(au), NOGetNoticeLevel(au));
     au->newuser = 0;
   } else {
-    nodb->squery(nodb, "UPDATE %s SET flags = %u, noticelevel = %u WHERE id = %lu", nodb->tablename(nodb, "users"), NOGetAuthLevel(au), NOGetNoticeLevel(au), au->id);
+    nodb->safesquery(nodb, "UPDATE ? SET flags = ?, noticelevel = ? WHERE id = ?", "Tuuu", "users", NOGetAuthLevel(au), NOGetNoticeLevel(au), au->id);
   }
 }