[Asterisk-code-review] res config sqlite3: Fix crashes when reading peers from sqli... (asterisk[11])
Mark Michelson
asteriskteam at digium.com
Tue Feb 23 16:01:43 CST 2016
Mark Michelson has uploaded a new change for review.
https://gerrit.asterisk.org/2284
Change subject: res_config_sqlite3: Fix crashes when reading peers from sqlite3 tables
......................................................................
res_config_sqlite3: Fix crashes when reading peers from sqlite3 tables
Introduced realloaction of ast_str buf in sqlite3_escape functions in case
the returned buffer from threadstorage was actually too small.
Change-Id: I3c5eb43aaade93ee457943daddc651781954c445
---
M res/res_config_sqlite3.c
1 file changed, 14 insertions(+), 2 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/84/2284/1
diff --git a/res/res_config_sqlite3.c b/res/res_config_sqlite3.c
index 075830d..4828337 100644
--- a/res/res_config_sqlite3.c
+++ b/res/res_config_sqlite3.c
@@ -118,8 +118,14 @@
* add two quotes, and convert NULL pointers to the word "NULL", but we
* don't allow those anyway. Just going to use %q for now. */
struct ast_str *buf = ast_str_thread_get(ts, maxlen);
- char *tmp = ast_str_buffer(buf);
char q = ts == &escape_value_buf ? '\'' : '"';
+ char *tmp;
+
+ if (ast_str_size(buf) < maxlen) {
+ /* realloc if buf is too small */
+ ast_str_make_space(&buf, maxlen);
+ }
+ tmp = ast_str_buffer(buf);
ast_str_reset(buf);
*tmp++ = q; /* Initial quote */
@@ -151,9 +157,15 @@
{
size_t maxlen = strlen(param) * 2 + sizeof("\"\" =");
struct ast_str *buf = ast_str_thread_get(&escape_column_buf, maxlen);
- char *tmp = ast_str_buffer(buf);
+ char *tmp;
int space = 0;
+ if (ast_str_size(buf) < maxlen) {
+ /* realloc if buf is too small */
+ ast_str_make_space(&buf, maxlen);
+ }
+ tmp = ast_str_buffer(buf);
+
ast_str_reset(buf);
*tmp++ = '"';
while ((*tmp++ = *param++)) {
--
To view, visit https://gerrit.asterisk.org/2284
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3c5eb43aaade93ee457943daddc651781954c445
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 11
Gerrit-Owner: Mark Michelson <mmichelson at digium.com>
Gerrit-Reviewer: Christof Lauber <christof.lauber at annax.ch>
More information about the asterisk-code-review
mailing list