[Asterisk-code-review] cel pgsql.c: Fix buffer overflow calling libpq (asterisk[11.25])
Sean Bright
asteriskteam at digium.com
Mon Mar 27 12:03:44 CDT 2017
Sean Bright has posted comments on this change. ( https://gerrit.asterisk.org/5331 )
Change subject: cel_pgsql.c: Fix buffer overflow calling libpq
......................................................................
Patch Set 1: Code-Review-1
(2 comments)
https://gerrit.asterisk.org/#/c/5331/1/cel/cel_pgsql.c
File cel/cel_pgsql.c:
Line 154: escapebuf = malloc(sizeof(char) * 513);
You should use ast_malloc or ast_calloc here. You will also need to ast_free this pointer at some point.
Line 284: if (strlen(value) >= sizeof(escapebuf)) {
sizeof(…) is going to return 4 or 8 here depending on your architecture. You will need to track the allocated length of escapebuf separately.
Also, the libpq documentation says:
> to shall point to a buffer that is able to hold at least one more byte than twice the value of length
So you should adjust your calculation accordingly. Also you should be using ast_realloc.
--
To view, visit https://gerrit.asterisk.org/5331
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: If611c734292618ed68dde17816d09dd16667dea2
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 11.25
Gerrit-Owner: twisted <josh at asteriasgi.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: twisted <josh at asteriasgi.com>
Gerrit-HasComments: Yes
More information about the asterisk-code-review
mailing list