Proposed stupid-patch for the testing distribution.
If there is no apostrophe in the supplied argument, it is impossible to modify
the SQL query.
Bye,
Gerardo
diff -Nru /tmp/4fCGVl7C4o/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c
/tmp/pjjbxPhZcv/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c
--- /tmp/4fCGVl7C4o/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c
2002-03-02 15:45:02.000000000 +0000
+++ /tmp/pjjbxPhZcv/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c
2005-05-06 07:27:23.639379832 +0000
@@ -61,9 +61,12 @@
*/
+ if (strstr(argv[1], "'") == NULL){
command_length = strlen(SQL_SELECT) + strlen(argv[1]) + strlen(argv[2]);
command = (char *) malloc(command_length*sizeof(char));
sprintf(command,SQL_SELECT,argv[1]);
+ }
+ else exit(-1);
/*
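Review bot: The added `strstr(argv[1], "'")` guard is a single-character denylist on one argument, so the query built by `sprintf(command,SQL_SELECT,argv[1])` still relies on no other character being special inside the literal (MySQL also treats the backslash that way) and on `argv[2]` never being formatted into SQL further down, which the hunk does not show. Escaping the value with `mysql_real_escape_string()` would be the sturdier fix, provided the connection handle can be opened before the query is built. Separately, the buffer is sized without an explicit byte for the terminator, `malloc` is unchecked, `sprintf` is unbounded, and the rejection path exits without a log line, so refused requests leave no trace for whoever monitors the RADIUS server. The fence keeps the guard and the `exit(-1)` status but bounds the write. The enclosing function begins and ends outside the hunk, and the hunk header counts more lines than are visible, so blank context lines appear to have been dropped.

```c
/* … unchanged: preceding comment block … */
if (strchr(argv[1], '\'') != NULL)
    exit(-1);   /* reject rather than build a query from this value */

command_length = strlen(SQL_SELECT) + strlen(argv[1]) + strlen(argv[2]) + 1;
command = malloc(command_length);
if (command == NULL)
    exit(-1);
snprintf(command, command_length, SQL_SELECT, argv[1]);
/* … unchanged: following comment block and query execution … */
```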