]> WPIA git - gigi.git/blobdiff - src/org/cacert/gigi/dbObjects/EmailAddress.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
FIX: race conditions by coverity.
[gigi.git] / src / org / cacert / gigi / dbObjects / EmailAddress.java
diff --git a/src/org/cacert/gigi/dbObjects/EmailAddress.java b/src/org/cacert/gigi/dbObjects/EmailAddress.java
index f91881800e919acda4a0978f2d7e1c9a5d935aac..3ca39b6d2c9d2178b6e2564965d772c1e5d804db 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/EmailAddress.java
+++ b/src/org/cacert/gigi/dbObjects/EmailAddress.java
@@ -22,7 +22,7 @@ public class EmailAddress implements IdCachable {
     private String hash = null;
 
     private EmailAddress(int id) {
-        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT memid, email, hash FROM `emails` WHERE id=? AND deleted=0");
+        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT memid, email, hash FROM `emails` WHERE id=? AND deleted is NULL");
         ps.setInt(1, id);
 
         GigiResultSet rs = ps.executeQuery();
@@ -45,16 +45,22 @@ public class EmailAddress implements IdCachable {
         this.hash = RandomToken.generateToken(16);
     }
 
-    public void insert(Language l) {
-        if (id != 0) {
-            throw new IllegalStateException("already inserted.");
-        }
+    public void insert(Language l) throws GigiApiException {
         try {
+            if (id != 0) {
+                throw new IllegalStateException("already inserted.");
+            }
+            GigiPreparedStatement psCheck = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `emails` WHERE email=? AND deleted is NULL");
             GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `emails` SET memid=?, hash=?, email=?");
             ps.setInt(1, owner.getId());
             ps.setString(2, hash);
             ps.setString(3, address);
+            psCheck.setString(1, address);
             synchronized (EmailAddress.class) {
+                GigiResultSet res = psCheck.executeQuery();
+                if (res.next()) {
+                    throw new GigiApiException("The email is currently valid");
+                }
                 ps.execute();
                 id = ps.lastInsertId();
                 myCache.put(this);
WPIA Certificate Web Issuance Platform