From 81a1a45454a1043c38bce8a25d5b52693f644c40 Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Tue, 24 Feb 2026 12:26:46 +0200
Subject: [PATCH] [PATCH 10/24] auth: userdb sql - Fix escaping for user iteration
This is mostly a non-issue, since userdb iteration doesn't take any untrusted input.
Broken by ef0c63b690e6ef9fbd53cb815dfab50d1667ba3a
Gbp-Pq: Name CVE-2026-24031-27860-7.patch
---
 src/auth/userdb-sql.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/auth/userdb-sql.c b/src/auth/userdb-sql.c
index 349f61c..09bac48 100644
--- a/src/auth/userdb-sql.c
+++ b/src/auth/userdb-sql.c
@@ -180,9 +180,13 @@ userdb_sql_iterate_init(struct auth_request *auth_request,
 ctx->ctx.context = context;
 auth_request_ref(auth_request);
- if (settings_get(authdb_event(auth_request),
- &userdb_sql_setting_parser_info, 0,
- &set, &error) < 0) {
+ const struct settings_get_params params = {
+ .escape_func = userdb_sql_escape,
+ .escape_context = module->db,
+ };
+ if (settings_get_params(authdb_event(auth_request),
+ &userdb_sql_setting_parser_info, ¶ms,
+ &set, &error) < 0) {
 e_error(authdb_event(auth_request), "%s", error);
 ctx->ctx.failed = TRUE;
 return &ctx->ctx;
--
2.30.2
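Review bot: The added `params` initializer carries no comment explaining why the escape callback is required. The commit message says this escaping was already lost once (in ef0c63b690e6ef9fbd53cb815dfab50d1667ba3a), so a later cleanup could swap in plain `settings_get()` again unnoticed. I would put `/* Setting values are expanded into SQL query text; always pass the driver's escape function. */` above `const struct settings_get_params params`, and add a regression test asserting that expanded values reach the iterate query escaped. `module` is not declared inside the hunk and the body of userdb_sql_iterate_init() starts and ends outside it, so it is worth confirming that `module->db` is the same connection the query is later sent to, since escaping is presumably driver-specific. The third argument shows on this page as `¶ms`, which looks like an entity-decoding artifact of `&params`.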