[Asterisk-code-review] func_db: Add validity check for key names when writing. (asterisk[master])

Kevin Harwell asteriskteam at digium.com
Wed Feb 23 15:20:00 CST 2022 

Kevin Harwell has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/18060 )

Change subject: func_db: Add validity check for key names when writing.
......................................................................

func_db: Add validity check for key names when writing.

Adds a simple sanity check for key names when users are
writing data to AstDB. This captures four cases indicating
malformed keynames that generally result in bad data going
into the DB that the user didn't intend: an empty key name,
a key name beginning or ending with a slash, and a key name
containing two slashes in a row. Generally, this is the
result of a variable being used in the key name being empty.

If a malformed key name is detected, a warning is emitted
to indicate the bug in the dialplan.

ASTERISK-29925 #close

Change-Id: Ifc08a9fe532a519b1b80caca1aafed7611d573bf
---
M funcs/func_db.c
1 file changed, 7 insertions(+), 1 deletion(-)

Approvals:
  Joshua Colp: Looks good to me, but someone else must approve
  Kevin Harwell: Looks good to me, approved; Approved for Submit



diff --git a/funcs/func_db.c b/funcs/func_db.c
index 126e3e9..3f98ed0 100644
--- a/funcs/func_db.c
+++ b/funcs/func_db.c
@@ -173,7 +173,13 @@
 		ast_log(LOG_WARNING, "DB requires an argument, DB(<family>/<key>)=value\n");
 		return -1;
 	}
-
+	/*
+	* When keynames are dynamically created using variables, if the variable is empty, this put bad data into the DB.
+	* In particular, a few cases: an empty key name, a key starting or ending with a /, and a key containing // two slashes.
+	* If this happens, allow it to go in, but warn the user of the issue and possible data corruption. */
+	if (ast_strlen_zero(args.key) || args.key[0] == '/' || args.key[strlen(args.key) - 1] == '/' || strstr(args.key, "//")) {
+		ast_log(LOG_WARNING, "DB: key '%s' seems malformed\n", args.key);
+	}
 	if (ast_db_put(args.family, args.key, value)) {
 		ast_log(LOG_WARNING, "DB: Error writing value to database.\n");
 	}

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/18060
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Ifc08a9fe532a519b1b80caca1aafed7611d573bf
Gerrit-Change-Number: 18060
Gerrit-PatchSet: 2
Gerrit-Owner: N A <mail at interlinked.x10host.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20220223/ea7adc91/attachment.html>

More information about the asterisk-code-review mailing list