[Asterisk-code-review] cel pgsql.c: Fix buffer overflow calling libpq (asterisk[13])
twisted
asteriskteam at digium.com
Mon Mar 27 14:43:49 CDT 2017
Hello Anonymous Coward #1000019, Sean Bright,
I'd like you to reexamine a change. Please visit
https://gerrit.asterisk.org/5333
to look at the new patch set (#4).
Change subject: cel_pgsql.c: Fix buffer overflow calling libpq
......................................................................
cel_pgsql.c: Fix buffer overflow calling libpq
PQEscapeStringConn() expects the buffer passed in to be an
adequitely sized buffer to write out the escaped SQL value string
into. It is possible, for large values (such as large values to
Dial with a lot of devices) to have more than our 512+1 byte
allocation and thus cause libpq to create a buffer overrun.
glibc will nicely ABRT asterisk for you, citing a stack smash.
Let's only allocate it to be as large as needed:
If we have a value, then (strlen(value) * 2) + 1 (as recommended
by libpq), and if we have none, just one byte to hold our null
will do.
ASTERISK-26896 #close
Change-Id: If611c734292618ed68dde17816d09dd16667dea2
---
M cel/cel_pgsql.c
1 file changed, 22 insertions(+), 1 deletion(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/33/5333/4
--
To view, visit https://gerrit.asterisk.org/5333
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: If611c734292618ed68dde17816d09dd16667dea2
Gerrit-PatchSet: 4
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: twisted <josh at asteriasgi.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
More information about the asterisk-code-review
mailing list