[asterisk-commits] mmichelson: branch 11 r413305 - in /branches/11: ./ res/res_config_odbc.c

Tue May 6 12:01:35 CDT 2014

Author: mmichelson
Date: Tue May  6 12:01:30 2014
New Revision: 413305

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=413305
Log:
Ensure that all parts of SQL UPDATEs and DELETEs are encoded.

Patches:
	res_config_odbc.patch by John Hardin (License #6512)
........

Merged revisions 413304 from http://svn.asterisk.org/svn/asterisk/branches/1.8

Modified:
    branches/11/   (props changed)
    branches/11/res/res_config_odbc.c

Propchange: branches/11/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Modified: branches/11/res/res_config_odbc.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/res/res_config_odbc.c?view=diff&rev=413305&r1=413304&r2=413305
==============================================================================

--- branches/11/res/res_config_odbc.c (original)
+++ branches/11/res/res_config_odbc.c Tue May  6 12:01:30 2014
@@ -59,6 +59,26 @@
 	unsigned long long skip;
 };
 
+#define ENCODE_CHUNK(buffer, s) \
+	do { \
+		char *eptr = buffer; \
+		const char *vptr = s; \
+		for (; *vptr && eptr < buffer + sizeof(buffer); vptr++) { \
+			if (strchr("^;", *vptr)) { \
+				/* We use ^XX, instead of %XX because '%' is a special character in SQL */ \
+				snprintf(eptr, buffer + sizeof(buffer) - eptr, "^%02hhX", *vptr); \
+				eptr += 3; \
+			} else { \
+				*eptr++ = *vptr; \
+			} \
+		} \
+		if (eptr < buffer + sizeof(buffer)) { \
+			*eptr = '\0'; \
+		} else { \
+			buffer[sizeof(buffer) - 1] = '\0'; \
+		} \
+	} while(0)
+
 static void decode_chunk(char *chunk)
 {
 	for (; *chunk; chunk++) {
@@ -108,22 +128,7 @@
 		}
 		ast_debug(1, "Parameter %d ('%s') = '%s'\n", x, newparam, newval);
 		if (strchr(newval, ';') || strchr(newval, '^')) {
-			char *eptr = encodebuf;
-			const char *vptr = newval;
-			for (; *vptr && eptr < encodebuf + sizeof(encodebuf); vptr++) {
-				if (strchr("^;", *vptr)) {
-					/* We use ^XX, instead of %XX because '%' is a special character in SQL */
-					snprintf(eptr, encodebuf + sizeof(encodebuf) - eptr, "^%02hhX", *vptr);
-					eptr += 3;
-				} else {
-					*eptr++ = *vptr;
-				}
-			}
-			if (eptr < encodebuf + sizeof(encodebuf)) {
-				*eptr = '\0';
-			} else {
-				encodebuf[sizeof(encodebuf) - 1] = '\0';
-			}
+			ENCODE_CHUNK(encodebuf, newval);
 			ast_string_field_set(cps, encoding[x], encodebuf);
 			newval = cps->encoding[x];
 		}
@@ -131,8 +136,16 @@
 	}
 	va_end(ap);
 
-	if (!ast_strlen_zero(cps->extra))
-		SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(cps->extra), 0, (void *)cps->extra, 0, NULL);
+	if (!ast_strlen_zero(cps->extra)) {
+		if (strchr(cps->extra, ';') || strchr(cps->extra, '^')) {
+			ENCODE_CHUNK(encodebuf, cps->extra);
+			SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(encodebuf), 0, (void *)encodebuf, 0, NULL);
+		} 
+		else {
+			SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(cps->extra), 0, (void *)cps->extra, 0, NULL);
+		}
+	}
+
 	return stmt;
 }
 


