===================================================================
RCS file: /web/pages/us.freeradius.org/cvs/radiusd/src/modules/rlm_sql/rlm_sql.c,v
retrieving revision 1.131.2.1
retrieving revision 1.131.2.3
diff -u -p -r1.131.2.1 -r1.131.2.3
--- radiusd/src/modules/rlm_sql/rlm_sql.c	2004/09/30 14:54:22	1.131.2.1
+++ radiusd/src/modules/rlm_sql/rlm_sql.c	2005/05/18 13:22:18	1.131.2.3
@@ -2,7 +2,7 @@
  * rlm_sql.c		SQL Module
  * 		Main SQL module file. Most ICRADIUS code is located in sql.c
  *
- * Version:	$Id$
+ * Version:	$Id$
  *
  *   This program is free software; you can redistribute it and/or modify
  *   it under the terms of the GNU General Public License as published by
@@ -24,7 +24,7 @@
  */
 
 static const char rcsid[] =
-	"$Id$";
+	"$Id$";
 
 #include "autoconf.h"
 
@@ -158,6 +158,7 @@ static int rlm_sql_init(void) {
  */
 static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username);
 static int generate_sql_clients(SQL_INST *inst);
+static int sql_escape_func(char *out, int outlen, const char *in);
 
 /*
  *	sql xlat function. Right now only SELECTs are supported. Only
@@ -184,7 +185,7 @@ static int sql_xlat(void *instance, REQU
 	/*
 	 * Do an xlat on the provided string (nice recursive operation).
 	 */
-	if (!radius_xlat(querystr, sizeof(querystr), fmt, request, func)) {
+	if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func)) {
 		radlog(L_ERR, "rlm_sql (%s): xlat failed.",
 		       inst->config->xlat_name);
 		return 0;
@@ -409,18 +410,18 @@ static int sql_escape_func(char *out, in
 
 	while (in[0]) {
 		/*
-		 *  Only one byte left.
-		 */
-		if (outlen <= 1) {
-			break;
-		}
-
-		/*
 		 *	Non-printable characters get replaced with their
 		 *	mime-encoded equivalents.
 		 */
 		if ((in[0] < 32) ||
 		    strchr(allowed_chars, *in) == NULL) {
+			/*
+			 *	Only 3 or less bytes available.
+			 */
+			if (outlen <= 3) {
+				break;
+			}
+
 			snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
 			in++;
 			out += 3;
@@ -430,7 +431,14 @@ static int sql_escape_func(char *out, in
 		}
 
 		/*
-		 *	Else it's a nice character.
+		 *	Only one byte left.
+		 */
+		if (outlen <= 1) {
+			break;
+		}
+
+		/*
+		 *	Allowed character.
 		 */
 		*out = *in;
 		out++;
@@ -517,7 +525,7 @@ static int sql_groupcmp(void *instance, 
 	 */
 	if (sql_set_user(inst, req, sqlusername, 0) < 0)
 		return 1;
-	if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, NULL)){
+	if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, sql_escape_func)){
 		radlog(L_ERR, "rlm_sql (%s): xlat failed.",
 		       inst->config->xlat_name);
 		/* Remove the username we (maybe) added above */
@@ -1149,7 +1157,7 @@ static int rlm_sql_checksimul(void *inst
 	if(sql_set_user(inst, request, sqlusername, 0) <0)
 		return RLM_MODULE_FAIL;
 
-	radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, NULL);
+	radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func);
 
 	/* initialize the sql socket */
 	sqlsocket = sql_get_socket(inst);
@@ -1193,7 +1201,7 @@ static int rlm_sql_checksimul(void *inst
 		return RLM_MODULE_OK;
 	}
 
-	radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, NULL);
+	radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func);
 	if(rlm_sql_select_query(sqlsocket, inst, querystr)) {
 		radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Database query error", inst->config->xlat_name);
 		sql_release_socket(inst, sqlsocket);