[Asterisk-code-review] cel_pgsql.c: Fix buffer overflow calling libpq (asterisk[11.25])

Sean Bright asteriskteam at digium.com
Mon Mar 27 12:43:29 CDT 2017


Sean Bright has posted comments on this change. ( https://gerrit.asterisk.org/5331 )

Change subject: cel_pgsql.c: Fix buffer overflow calling libpq
......................................................................


Patch Set 2: Code-Review-1

(2 comments)

This will need to be rebased against Asterisk 13 to get merged. We no longer accept patches to Asterisk 12 or lower.

https://gerrit.asterisk.org/#/c/5331/2/cel/cel_pgsql.c
File cel/cel_pgsql.c:

Line 150: 		char *escapebuf;
Because this may never be assigned, you'll need to initialize this to NULL.


Line 282: 						escapebuf = ast_malloc((strlen(value) * 2) + 1);
You're in a loop here so you may leak this allocation. Same with the ast_malloc two lines down.

Your original approach of allocating once outside of the loop and then reallocating if necessary was better.


-- 
To view, visit https://gerrit.asterisk.org/5331
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: If611c734292618ed68dde17816d09dd16667dea2
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: 11.25
Gerrit-Owner: twisted <josh at asteriasgi.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: twisted <josh at asteriasgi.com>
Gerrit-HasComments: Yes
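
The allocate-once, grow-if-needed pattern the review asks for, as an added example that is not code from the change under review. The names `escape_buf`, `escape_buf_reserve`, `toy_escape` and `escape_all` are hypothetical, `toy_escape` is a stand-in for `PQescapeStringConn()` so the block builds without libpq, and Asterisk code would use `ast_realloc`/`ast_free` in place of `realloc`/`free`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical scratch buffer; buf starts NULL so a later free() is always safe. */
struct escape_buf { char *buf; size_t cap; };

/* Grow only when capacity is below 2*len+1 bytes, the worst-case output
 * size libpq documents for PQescapeStringConn(). Returns 0 or -1. */
static int escape_buf_reserve(struct escape_buf *eb, size_t len)
{
    size_t need;
    char *tmp;

    if (len > (SIZE_MAX - 1) / 2) return -1;   /* 2*len+1 would wrap */
    need = len * 2 + 1;
    if (need <= eb->cap) return 0;             /* reuse, no new allocation */
    tmp = realloc(eb->buf, need);
    if (!tmp) return -1;                       /* old buffer still owned by eb */
    eb->buf = tmp;
    eb->cap = need;
    return 0;
}

/* Stand-in for PQescapeStringConn() (assumption): doubles single quotes. */
static size_t toy_escape(char *to, const char *from, size_t len)
{
    size_t i, o = 0;
    for (i = 0; i < len; i++) {
        if (from[i] == '\'') to[o++] = '\'';
        to[o++] = from[i];
    }
    to[o] = '\0';
    return o;
}

/* Escape every value through one buffer; the caller frees eb->buf once,
 * after the loop. Returns total escaped bytes, or -1 on allocation failure. */
static long escape_all(const char *const *values, size_t n, struct escape_buf *eb)
{
    long total = 0;
    size_t i;
    for (i = 0; i < n; i++) {
        size_t len = strlen(values[i]);
        if (escape_buf_reserve(eb, len)) return -1;
        total += (long)toy_escape(eb->buf, values[i], len);
    }
    return total;
}
```
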


