<p>N A has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/18060">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">func_db: Add validity check for key names when writing.<br><br>Adds a simple sanity check for key names when users are<br>writing data to AstDB. This captures four cases indicating<br>malformed keynames that generally result in bad data going<br>into the DB that the user didn't intend: an empty key name,<br>a key name beginning or ending with a slash, and a key name<br>containing two slashes in a row. Generally, this is the<br>result of a variable being used in the key name being empty.<br><br>If a malformed key name is detected, a warning is emitted<br>to indicate the bug in the dialplan.<br><br>ASTERISK-29925 #close<br><br>Change-Id: Ifc08a9fe532a519b1b80caca1aafed7611d573bf<br>---<br>M funcs/func_db.c<br>1 file changed, 7 insertions(+), 1 deletion(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/60/18060/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/funcs/func_db.c b/funcs/func_db.c</span><br><span>index 126e3e9..3f98ed0 100644</span><br><span>--- a/funcs/func_db.c</span><br><span>+++ b/funcs/func_db.c</span><br><span>@@ -173,7 +173,13 @@</span><br><span> ast_log(LOG_WARNING, "DB requires an argument, DB(<family>/<key>)=value\n");</span><br><span> return -1;</span><br><span> }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(120, 100%, 40%);">+ /*</span><br><span style="color: hsl(120, 100%, 40%);">+ * When keynames are dynamically created using variables, if the variable is empty, this put bad data into the DB.</span><br><span style="color: hsl(120, 100%, 40%);">+ * In particular, a few cases: an empty key name, a key starting or ending with a /, and a key containing // two slashes.</span><br><span style="color: hsl(120, 100%, 40%);">+ * If this happens, allow it to go in, but warn the user of the issue and possible data corruption. */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_strlen_zero(args.key) || args.key[0] == '/' || args.key[strlen(args.key) - 1] == '/' || strstr(args.key, "//")) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_WARNING, "DB: key '%s' seems malformed\n", args.key);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span> if (ast_db_put(args.family, args.key, value)) {</span><br><span> ast_log(LOG_WARNING, "DB: Error writing value to database.\n");</span><br><span> }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/18060">change 18060</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/18060"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ifc08a9fe532a519b1b80caca1aafed7611d573bf </div>
<div style="display:none"> Gerrit-Change-Number: 18060 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: N A <mail@interlinked.x10host.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>