[Asterisk-code-review] cel_pgsql.c: Fix buffer overflow calling libpq (asterisk[13])
Sean Bright
asteriskteam at digium.com
Mon Mar 27 13:53:37 CDT 2017
Sean Bright has posted comments on this change. ( https://gerrit.asterisk.org/5333 )
Change subject: cel_pgsql.c: Fix buffer overflow calling libpq
......................................................................
Patch Set 2: Code-Review-1
(3 comments)
A couple more fixes and this looks good.
https://gerrit.asterisk.org/#/c/5333/2/cel/cel_pgsql.c
File cel/cel_pgsql.c:
Line 191: int bufsize = 513;
Make this a size_t instead of an int.
Line 323: if (strlen(value) >= bufsize) {
Change this to:
if (strlen(value) * 2 + 1 > bufsize)
As it is now, you aren't increasing the escapebuf length when necessary.
Line 325: escapebuf = (char *)ast_realloc(escapebuf, bufsize);
The cast is not necessary. You should drop it.
--
To view, visit https://gerrit.asterisk.org/5333
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: If611c734292618ed68dde17816d09dd16667dea2
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: twisted <josh at asteriasgi.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
Gerrit-HasComments: Yes
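Added example, not part of the review or of the Asterisk patch: the sizing rule behind the line 323 comment, comparing the quoted check with the requested one. `toy_escape` is a hypothetical stand-in for the libpq escaping call (assumed to double at most every byte), and the helper names and the 300-byte input are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Worst case doubles every byte, plus NUL (libpq's documented bound for PQescapeStringConn). */
static size_t escape_bound(size_t len) { return len * 2 + 1; }
/* Line 323 as quoted in the review, then the check the review asks for. */
static int old_check_grows(size_t len, size_t bufsize) { return len >= bufsize; }
static int new_check_grows(size_t len, size_t bufsize) { return escape_bound(len) > bufsize; }

/* Hypothetical stand-in for the libpq call: doubles ' and \, NUL-terminates,
 * returns bytes written without the NUL. Caller must provide escape_bound(len). */
static size_t toy_escape(char *to, const char *from, size_t len)
{
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        if (from[i] == '\'' || from[i] == '\\')
            to[o++] = from[i];
        to[o++] = from[i];
    }
    to[o] = '\0';
    return o;
}

/* Grow *buf when the bound exceeds *bufsize, then escape. Returns bytes written,
 * or (size_t)-1 if realloc fails (the old buffer is left intact for the caller). */
static size_t escape_into(char **buf, size_t *bufsize, const char *value)
{
    size_t len = strlen(value);
    if (new_check_grows(len, *bufsize)) {
        char *tmp = realloc(*buf, escape_bound(len));
        if (!tmp) return (size_t)-1;
        *buf = tmp;
        *bufsize = escape_bound(len);
    }
    return toy_escape(*buf, value, len);
}

int main(void)
{
    size_t bufsize = 513, n;
    char value[301], *buf = malloc(bufsize);
    if (!buf) return 1;
    memset(value, '\'', 300); value[300] = '\0'; /* constructed worst-case input */
    printf("old grows=%d new grows=%d\n", old_check_grows(300, bufsize), new_check_grows(300, bufsize));
    n = escape_into(&buf, &bufsize, value);
    printf("wrote %zu bytes, bufsize now %zu\n", n, bufsize);
    free(buf);
    return 0;
}
```

With a 513-byte buffer, the quoted check leaves the buffer alone for any value shorter than 513 bytes, while the escaped form of a 300-byte value can need 601.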