Overview

File openvas-manager-CVE-2014-9220.patch of Package openvas-manager

--- branches/openvas-manager-4.0/src/manage_sql.c	2014/11/03 14:13:38	20762
+++ branches/openvas-manager-4.0/src/manage_sql.c	2014/11/28 15:16:04	21055
@@ -39541,7 +39541,7 @@
                  time_t period, time_t period_months, time_t duration,
                  const char* timezone, schedule_t *schedule)
 {
-  gchar *quoted_name = sql_quote (name);
+  gchar *quoted_name = sql_quote (name), *quoted_timezone;
   gchar *insert_timezone;
   long offset;
 
@@ -39585,6 +39585,7 @@
     }
 
   offset = current_offset (insert_timezone);
+  quoted_timezone = sql_quote (insert_timezone);
 
   if (comment)
     {
@@ -39600,7 +39601,7 @@
            "  '%s',"
            "  %li, now(), now());",
            quoted_name, current_credentials.uuid, quoted_comment, first_time,
-           period, period_months, duration, insert_timezone, offset);
+           period, period_months, duration, quoted_timezone, offset);
       g_free (quoted_comment);
     }
   else
@@ -39615,13 +39616,14 @@
          "  '%s',"
          "  %li, now(), now());",
          quoted_name, current_credentials.uuid, first_time, period,
-         period_months, duration, insert_timezone, offset);
+         period_months, duration, quoted_timezone, offset);
 
   if (schedule)
     *schedule = sqlite3_last_insert_rowid (task_db);
 
   g_free (quoted_name);
   g_free (insert_timezone);
+  g_free (quoted_timezone);
 
   sql ("COMMIT;");
openSUSE Build Service is sponsored by
Places