[asterisk-addons-commits] tilghman: trunk r711 - in /trunk: cdr/ channels/ res/

SVN commits to the Asterisk addons project asterisk-addons-commits at lists.digium.com
Mon Dec 15 17:54:39 CST 2008


Author: tilghman
Date: Mon Dec 15 17:54:39 2008
New Revision: 711

URL: http://svn.digium.com/view/asterisk-addons?view=rev&rev=711
Log:
Convert addons to use ast_str opacity, fixing some bugs along the way.

Modified:
    trunk/cdr/cdr_addon_mysql.c
    trunk/channels/chan_ooh323.c
    trunk/res/res_config_mysql.c

Modified: trunk/cdr/cdr_addon_mysql.c
URL: http://svn.digium.com/view/asterisk-addons/trunk/cdr/cdr_addon_mysql.c?view=diff&rev=711&r1=710&r2=711
==============================================================================
--- trunk/cdr/cdr_addon_mysql.c (original)
+++ trunk/cdr/cdr_addon_mysql.c Mon Dec 15 17:54:39 2008
@@ -39,6 +39,7 @@
 #include <asterisk/cli.h>
 #include <asterisk/strings.h>
 #include <asterisk/linkedlists.h>
+#include <asterisk/threadstorage.h>
 
 #include <stdio.h>
 #include <string.h>
@@ -55,6 +56,11 @@
 #include <errno.h>
 
 #define DATE_FORMAT "%Y-%m-%d %T"
+
+AST_THREADSTORAGE(sql1_buf);
+AST_THREADSTORAGE(sql2_buf);
+AST_THREADSTORAGE(escape_buf);
+
 static char *desc = "MySQL CDR Backend";
 static char *name = "mysql";
 static char *config = "cdr_mysql.conf";
@@ -113,16 +119,16 @@
 		char status[256], status2[100] = "";
 		int ctime = time(NULL) - connect_time;
 		if (dbport)
-			snprintf(status, 255, "Connected to %s@%s, port %d", dbname->str, hostname->str, dbport);
+			snprintf(status, 255, "Connected to %s@%s, port %d", ast_str_buffer(dbname), ast_str_buffer(hostname), dbport);
 		else if (dbsock)
-			snprintf(status, 255, "Connected to %s on socket file %s", dbname->str, S_OR(dbsock->str, "default"));
+			snprintf(status, 255, "Connected to %s on socket file %s", ast_str_buffer(dbname), S_OR(ast_str_buffer(dbsock), "default"));
 		else
-			snprintf(status, 255, "Connected to %s@%s", dbname->str, hostname->str);
-
-		if (!ast_strlen_zero(dbuser->str))
-			snprintf(status2, 99, " with username %s", dbuser->str);
-		if (!ast_strlen_zero(dbtable->str))
-			snprintf(status2, 99, " using table %s", dbtable->str);
+			snprintf(status, 255, "Connected to %s@%s", ast_str_buffer(dbname), ast_str_buffer(hostname));
+
+		if (!ast_strlen_zero(ast_str_buffer(dbuser)))
+			snprintf(status2, 99, " with username %s", ast_str_buffer(dbuser));
+		if (ast_str_strlen(dbtable))
+			snprintf(status2, 99, " using table %s", ast_str_buffer(dbtable));
 		if (ctime > 31536000) {
 			ast_cli(a->fd, "%s%s for %d years, %d days, %d hours, %d minutes, %d seconds.\n", status, status2, ctime / 31536000, (ctime % 31536000) / 86400, (ctime % 86400) / 3600, (ctime % 3600) / 60, ctime % 60);
 		} else if (ctime > 86400) {
@@ -151,8 +157,7 @@
 
 static int mysql_log(struct ast_cdr *cdr)
 {
-	char *sql1 = ast_calloc(1, 4096), *sql2 = ast_calloc(1, 2048);
-	int sql1size = 4096, sql2size = 2048;
+	struct ast_str *sql1 = ast_str_thread_get(&sql1_buf, 1024), *sql2 = ast_str_thread_get(&sql2_buf, 1024);
 	int retries = 5;
 #if MYSQL_VERSION_ID >= 50013
 	my_bool my_bool_true = 1;
@@ -180,19 +185,19 @@
 		}
 #endif
 		if (ssl_ca || ssl_cert || ssl_key) {
-			mysql_ssl_set(&mysql, ssl_key ? ssl_key->str : NULL, ssl_cert ? ssl_cert->str : NULL, ssl_ca ? ssl_ca->str : NULL, NULL, NULL);
-		}
-		if (mysql_real_connect(&mysql, hostname->str, dbuser->str, password->str, dbname->str, dbport, dbsock && !ast_strlen_zero(dbsock->str) ? dbsock->str : NULL, ssl_ca ? CLIENT_SSL : 0)) {
+			mysql_ssl_set(&mysql, ssl_key ? ast_str_buffer(ssl_key) : NULL, ssl_cert ? ast_str_buffer(ssl_cert) : NULL, ssl_ca ? ast_str_buffer(ssl_ca) : NULL, NULL, NULL);
+		}
+		if (mysql_real_connect(&mysql, ast_str_buffer(hostname), ast_str_buffer(dbuser), ast_str_buffer(password), ast_str_buffer(dbname), dbport, dbsock && ast_str_strlen(dbsock) ? ast_str_buffer(dbsock) : NULL, ssl_ca ? CLIENT_SSL : 0)) {
 			connected = 1;
 			connect_time = time(NULL);
 			records = 0;
 			if (dbcharset) {
-				snprintf(sql1, sizeof(sql1), "SET NAMES '%s'", dbcharset->str);
-				mysql_real_query(&mysql, sql1, strlen(sql1));
-				ast_debug(1, "SQL command as follows: %s\n", sql1);
+				ast_str_set(&sql1, 0, "SET NAMES '%s'", ast_str_buffer(dbcharset));
+				mysql_real_query(&mysql, ast_str_buffer(sql1), ast_str_strlen(sql1));
+				ast_debug(1, "SQL command as follows: %s\n", ast_str_buffer(sql1));
 			}
 		} else {
-			ast_log(LOG_ERROR, "Cannot connect to database server %s: (%d) %s\n", hostname->str, mysql_errno(&mysql), mysql_error(&mysql));
+			ast_log(LOG_ERROR, "Cannot connect to database server %s: (%d) %s\n", ast_str_buffer(hostname), mysql_errno(&mysql), mysql_error(&mysql));
 			connected = 0;
 		}
 	} else {
@@ -221,12 +226,12 @@
 	if (connected) {
 		int column_count = 0;
 		char *cdrname;
-		char workspace[2048], *value = NULL, *ptr;
-		int sql2len;
+		char workspace[2048], *value = NULL;
 		struct column *entry;
-
-		snprintf(sql1, sql1size, "INSERT INTO %s (", dbtable ? dbtable->str : "cdr");
-		strcpy(sql2, ") VALUES ('");
+		struct ast_str *escape = ast_str_thread_get(&escape_buf, 16);
+
+		ast_str_set(&sql1, 0, "INSERT INTO %s (", AS_OR(dbtable, "cdr"));
+		ast_str_set(&sql2, 0, ") VALUES (");
 
 		AST_RWLIST_RDLOCK(&columns);
 		AST_RWLIST_TRAVERSE(&columns, entry, list) {
@@ -254,18 +259,9 @@
 
 			/* Construct SQL */
 			if (column_count++) {
-				strcat(sql1, ",");
-				strcat(sql2, "','");
-			}
-
-			if (strlen(sql1) + 2 + strlen(entry->name) > sql1size) {
-				char *tmp = ast_realloc(sql1, sql1size * 2);
-				if (!tmp)
-					goto log_exit;
-				sql1size *= 2;
-				sql1 = tmp;
-			}
-			strcat(sql1, entry->name);
+				ast_str_append(&sql1, 0, ",");
+				ast_str_append(&sql2, 0, ",");
+			}
 
 			/* Need the type and value to determine if we want the raw value or not */
 			if (entry->staticvalue) {
@@ -281,50 +277,29 @@
 				 strstr(entry->type, "double") ||
 				 strstr(entry->type, "real") ||
 				 strstr(entry->type, "numeric") ||
-				 strstr(entry->type, "fixed")))
+				 strstr(entry->type, "fixed"))) {
 				ast_cdr_getvar(cdr, cdrname, &value, workspace, sizeof(workspace), 0, 1);
-			else
+			} else {
 				ast_cdr_getvar(cdr, cdrname, &value, workspace, sizeof(workspace), 0, 0);
-
-			if (strlen(sql2) + (value ? strlen(value) * 2 : 0) + 4 > sql2size) {
-				char *tmp = ast_realloc(sql2, sql2size * 2);
-				if (!tmp)
-					goto log_exit;
-				sql2size *= 2;
-				sql2 = tmp;
-			}
+			}
+
 			if (value) {
-				/*!\note We're manually escaping here, to ensure that we know exactly
-				 * how much space is used.  Since we only accept ASCII strings at this
-				 * point in time, there is no danger in this simplistic escape method,
-				 * but I wouldn't recommend this technique for other databases or if
-				 * we convert to an internal representation of UTF-8 sometime in the
-				 * future.
-				 */
-				sql2len = strlen(sql2);
-				for (ptr = value; *ptr; ptr++) {
-					if (*ptr == '\\' || *ptr == '\'')
-						sql2[sql2len++] = '\\';
-					sql2[sql2len++] = *ptr;
-				}
-				sql2[sql2len] = '\0';
+				size_t valsz;
+
+				ast_str_make_space(&escape, (valsz = strlen(value)) * 2 + 1);
+				mysql_real_escape_string(&mysql, ast_str_buffer(escape), value, valsz);
+				ast_str_append(&sql2, 0, "'%s'", ast_str_buffer(escape));
+				ast_str_append(&sql1, 0, "%s", entry->name);
 			}
 		}
 		AST_RWLIST_UNLOCK(&columns);
 
 		ast_debug(1, "Inserting a CDR record.\n");
-		if (strlen(sql1) + 3 + strlen(sql2) > sql1size) {
-			char *tmp = ast_realloc(sql1, strlen(sql1) + 3 + strlen(sql2));
-			if (!tmp)
-				goto log_exit;
-			sql1 = tmp;
-		}
-		strcat(sql1, sql2);
-		strcat(sql1, "')");
-
-		ast_debug(1, "SQL command as follows: %s\n", sql1);
-
-		if (mysql_real_query(&mysql, sql1, strlen(sql1))) {
+		ast_str_append(&sql1, 0, "%s')", ast_str_buffer(sql2));
+
+		ast_debug(1, "SQL command as follows: %s\n", ast_str_buffer(sql1));
+
+		if (mysql_real_query(&mysql, ast_str_buffer(sql1), ast_str_strlen(sql1))) {
 			ast_log(LOG_ERROR, "Failed to insert into database: (%d) %s\n", mysql_errno(&mysql), mysql_error(&mysql));
 			mysql_close(&mysql);
 			connected = 0;
@@ -333,9 +308,6 @@
 			totalrecords++;
 		}
 	}
-log_exit:
-	ast_free(sql1);
-	ast_free(sql2);
 	ast_mutex_unlock(&mysql_lock);
 	return 0;
 }
@@ -460,7 +432,7 @@
 	res |= my_load_config_number(cfg, "global", "port", &dbport, 0);
 	res |= my_load_config_number(cfg, "global", "timeout", &timeout, 0);
 	res |= my_load_config_string(cfg, "global", "compat", &compat, "no");
-	if (ast_true(compat->str)) {
+	if (ast_true(ast_str_buffer(compat))) {
 		calldate_compat = 1;
 	} else {
 		calldate_compat = 0;
@@ -476,18 +448,18 @@
 		ast_free(entry);
 	}
 
-	ast_debug(1, "Got hostname of %s\n", hostname->str);
+	ast_debug(1, "Got hostname of %s\n", ast_str_buffer(hostname));
 	ast_debug(1, "Got port of %d\n", dbport);
 	ast_debug(1, "Got a timeout of %d\n", timeout);
 	if (dbsock)
-		ast_debug(1, "Got sock file of %s\n", dbsock->str);
-	ast_debug(1, "Got user of %s\n", dbuser->str);
-	ast_debug(1, "Got dbname of %s\n", dbname->str);
-	ast_debug(1, "Got password of %s\n", password->str);
+		ast_debug(1, "Got sock file of %s\n", ast_str_buffer(dbsock));
+	ast_debug(1, "Got user of %s\n", ast_str_buffer(dbuser));
+	ast_debug(1, "Got dbname of %s\n", ast_str_buffer(dbname));
+	ast_debug(1, "Got password of %s\n", ast_str_buffer(password));
 	ast_debug(1, "%sunning in calldate compatibility mode\n", calldate_compat ? "R" : "Not r");
 
 	if (dbcharset) {
-		ast_debug(1, "Got DB charste of %s\n", dbcharset->str);
+		ast_debug(1, "Got DB charset of %s\n", ast_str_buffer(dbcharset));
 	}
 
 	mysql_init(&mysql);
@@ -503,12 +475,16 @@
 	}
 #endif
 
-	if ((ssl_ca && !ast_strlen_zero(ssl_ca->str)) || (ssl_cert && !ast_strlen_zero(ssl_cert->str)) || (ssl_key && !ast_strlen_zero(ssl_key->str))) {
-		mysql_ssl_set (&mysql, ssl_key->str, ssl_cert->str, ssl_ca->str, NULL, NULL);
-	}
-	temp = dbsock && !ast_strlen_zero(dbsock->str) ? dbsock->str : NULL;
-	if (!mysql_real_connect(&mysql, hostname->str, dbuser->str, password->str, dbname->str, dbport, temp, ssl_ca && !ast_strlen_zero(ssl_ca->str) ? CLIENT_SSL : 0)) {
-		ast_log(LOG_ERROR, "Failed to connect to mysql database %s on %s.\n", dbname->str, hostname->str);
+	if ((ssl_ca && ast_str_strlen(ssl_ca)) || (ssl_cert && ast_str_strlen(ssl_cert)) || (ssl_key && ast_str_strlen(ssl_key))) {
+		mysql_ssl_set(&mysql,
+			ssl_key ? ast_str_buffer(ssl_key) : NULL,
+			ssl_cert ? ast_str_buffer(ssl_cert) : NULL,
+			ssl_ca ? ast_str_buffer(ssl_ca) : NULL,
+			NULL, NULL);
+	}
+	temp = dbsock && ast_str_strlen(dbsock) ? ast_str_buffer(dbsock) : NULL;
+	if (!mysql_real_connect(&mysql, ast_str_buffer(hostname), ast_str_buffer(dbuser), ast_str_buffer(password), ast_str_buffer(dbname), dbport, temp, ssl_ca && ast_str_strlen(ssl_ca) ? CLIENT_SSL : 0)) {
+		ast_log(LOG_ERROR, "Failed to connect to mysql database %s on %s.\n", ast_str_buffer(dbname), ast_str_buffer(hostname));
 		connected = 0;
 		records = 0;
 	} else {
@@ -517,13 +493,13 @@
 		records = 0;
 		connect_time = time(NULL);
 		if (dbcharset) {
-			snprintf(sqldesc, sizeof(sqldesc), "SET NAMES '%s'", dbcharset->str);
+			snprintf(sqldesc, sizeof(sqldesc), "SET NAMES '%s'", ast_str_buffer(dbcharset));
 			mysql_real_query(&mysql, sqldesc, strlen(sqldesc));
 			ast_debug(1, "SQL command as follows: %s\n", sqldesc);
 		}
 
 		/* Get table description */
-		snprintf(sqldesc, sizeof(sqldesc), "DESC %s", dbtable ? dbtable->str : "cdr");
+		snprintf(sqldesc, sizeof(sqldesc), "DESC %s", dbtable ? ast_str_buffer(dbtable) : "cdr");
 		if (mysql_query(&mysql, sqldesc)) {
 			ast_log(LOG_ERROR, "Unable to query table description!!  Logging disabled.\n");
 			mysql_close(&mysql);
@@ -586,7 +562,7 @@
 			if (!ast_strlen_zero(staticvalue)) {
 				entry->staticvalue = entry->cdrname + strlen(entry->cdrname) + 1;
 				strcpy(entry->staticvalue, staticvalue);
-				ast_debug(1, "staticvalue length: %d\n", strlen(staticvalue) );
+				ast_debug(1, "staticvalue length: %d\n", (int) strlen(staticvalue) );
 				entry->type = entry->staticvalue + strlen(entry->staticvalue) + 1;
 			} else {
 				entry->type = entry->cdrname + strlen(entry->cdrname) + 1;

Modified: trunk/channels/chan_ooh323.c
URL: http://svn.digium.com/view/asterisk-addons/trunk/channels/chan_ooh323.c?view=diff&rev=711&r1=710&r2=711
==============================================================================
--- trunk/channels/chan_ooh323.c (original)
+++ trunk/channels/chan_ooh323.c Mon Dec 15 17:54:39 2008
@@ -254,7 +254,7 @@
 
 	/* Don't hold a h323 pvt lock while we allocate a channel */
 	ast_mutex_unlock(&i->lock);
-	ch = ast_channel_alloc(1, state, i->callerid_num, i->callerid_name, i->accountcode, i->exten, i->context, i->amaflags, "OOH323/%s-%08x", host, i);
+	ch = ast_channel_alloc(1, state, i->callerid_num, i->callerid_name, i->accountcode, i->exten, i->context, i->amaflags, "OOH323/%s-%08x", host, (unsigned int)(unsigned long) i);
 	ast_mutex_lock(&i->lock);
 
 	if (ch) {

Modified: trunk/res/res_config_mysql.c
URL: http://svn.digium.com/view/asterisk-addons/trunk/res/res_config_mysql.c?view=diff&rev=711&r1=710&r2=711
==============================================================================
--- trunk/res/res_config_mysql.c (original)
+++ trunk/res/res_config_mysql.c Mon Dec 15 17:54:39 2008
@@ -68,6 +68,14 @@
 #define	READHANDLE	0
 #define	WRITEHANDLE	1
 
+#define ESCAPE_STRING(buf, var) \
+	do { \
+		if ((valsz = strlen(var)) * 2 + 1 > ast_str_size(buf)) { \
+			ast_str_make_space(&(buf), valsz * 2 + 1); \
+		} \
+		mysql_real_escape_string(&dbh->handle, ast_str_buffer(buf), var, valsz); \
+	} while (0)
+
 AST_THREADSTORAGE(sql_buf);
 AST_THREADSTORAGE(sql2_buf);
 AST_THREADSTORAGE(find_buf);
@@ -214,7 +222,7 @@
 		return NULL;
 	}
 
-	if (mysql_real_query(&dbh->handle, sql->str, sql->used)) {
+	if (mysql_real_query(&dbh->handle, ast_str_buffer(sql), ast_str_strlen(sql))) {
 		ast_log(LOG_ERROR, "Failed to query database columns: %s\n", mysql_error(&dbh->handle));
 		release_database(dbh);
 		AST_LIST_UNLOCK(&mysql_tables);
@@ -347,25 +355,23 @@
 	else 
 		op = "";
 
-	ast_str_make_space(&buf, (valsz = strlen(newval)) * 2 + 1);
-	mysql_real_escape_string(&dbh->handle, buf->str, newval, valsz);
-	ast_str_set(&sql, 0, "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, buf->str);
+	ESCAPE_STRING(buf, newval);
+	ast_str_set(&sql, 0, "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, ast_str_buffer(buf));
 	while ((newparam = va_arg(ap, const char *))) {
 		newval = va_arg(ap, const char *);
 		if (!strchr(newparam, ' ')) 
 			op = " ="; 
 		else
 			op = "";
-		ast_str_make_space(&buf, (valsz = strlen(newval)) * 2 + 1);
-		mysql_real_escape_string(&dbh->handle, buf->str, newval, valsz);
-		ast_str_append(&sql, 0, " AND %s%s '%s'", newparam, op, buf->str);
+		ESCAPE_STRING(buf, newval);
+		ast_str_append(&sql, 0, " AND %s%s '%s'", newparam, op, ast_str_buffer(buf));
 	}
 	va_end(ap);
 
-	ast_debug(1, "MySQL RealTime: Retrieve SQL: %s\n", sql->str);
+	ast_debug(1, "MySQL RealTime: Retrieve SQL: %s\n", ast_str_buffer(sql));
 
 	/* Execution. */
-	if (mysql_real_query(&dbh->handle, sql->str, sql->used)) {
+	if (mysql_real_query(&dbh->handle, ast_str_buffer(sql), ast_str_strlen(sql))) {
 		ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database: %s\n", mysql_error(&dbh->handle));
 		release_database(dbh);
 		return NULL;
@@ -380,15 +386,15 @@
 				if (ast_strlen_zero(row[i]))
 					continue;
 				for (stringp = ast_strdupa(row[i]), chunk = strsep(&stringp, ";"); chunk; chunk = strsep(&stringp, ";")) {
-					if (chunk && !ast_strlen_zero(ast_strip(chunk))) {
-						if (prev) {
-							prev->next = ast_variable_new(fields[i].name, chunk, "");
-							if (prev->next) {
-								prev = prev->next;
-							}
-						} else {
-							prev = var = ast_variable_new(fields[i].name, chunk, "");
+					if (!chunk || ast_strlen_zero(ast_strip(chunk))) {
+						continue;
+					}
+					if (prev) {
+						if ((prev->next = ast_variable_new(fields[i].name, chunk, ""))) {
+							prev = prev->next;
 						}
+					} else {
+						prev = var = ast_variable_new(fields[i].name, chunk, "");
 					}
 				}
 			}
@@ -469,15 +475,13 @@
 	else
 		op = "";
 
-	ast_str_make_space(&buf, (valsz = strlen(newval)) * 2 + 1);
-	mysql_real_escape_string(&dbh->handle, buf->str, newval, valsz);
-	ast_str_set(&sql, 0, "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, buf->str);
+	ESCAPE_STRING(buf, newval);
+	ast_str_set(&sql, 0, "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, ast_str_buffer(buf));
 	while ((newparam = va_arg(ap, const char *))) {
 		newval = va_arg(ap, const char *);
 		if (!strchr(newparam, ' ')) op = " ="; else op = "";
-		ast_str_make_space(&buf, (valsz = strlen(newval)) * 2 + 1);
-		mysql_real_escape_string(&dbh->handle, buf->str, newval, valsz);
-		ast_str_append(&sql, 0, " AND %s%s '%s'", newparam, op, buf->str);
+		ESCAPE_STRING(buf, newval);
+		ast_str_append(&sql, 0, " AND %s%s '%s'", newparam, op, ast_str_buffer(buf));
 	}
 
 	if (initfield) {
@@ -486,10 +490,10 @@
 
 	va_end(ap);
 
-	ast_debug(1, "MySQL RealTime: Retrieve SQL: %s\n", sql->str);
+	ast_debug(1, "MySQL RealTime: Retrieve SQL: %s\n", ast_str_buffer(sql));
 
 	/* Execution. */
-	if (mysql_real_query(&dbh->handle, sql->str, sql->used)) {
+	if (mysql_real_query(&dbh->handle, ast_str_buffer(sql), ast_str_strlen(sql))) {
 		ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database: %s\n", mysql_error(&dbh->handle));
 		release_database(dbh);
 		ast_config_destroy(cfg);
@@ -594,13 +598,12 @@
 	/* Create the first part of the query using the first parameter/value pairs we just extracted
 	   If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
 
-	ast_str_make_space(&buf, (valsz = strlen(newval)) * 2 + 1);
-	mysql_real_escape_string(&dbh->handle, buf->str, newval, valsz);
-	ast_str_set(&sql, 0, "UPDATE %s SET %s = '%s'", tablename, newparam, buf->str);
+	ESCAPE_STRING(buf, newval);
+	ast_str_set(&sql, 0, "UPDATE %s SET %s = '%s'", tablename, newparam, ast_str_buffer(buf));
 
 	/* If the column length isn't long enough, give a chance to lengthen it. */
 	if (strncmp(column->type, "char", 4) == 0 || strncmp(column->type, "varchar", 7) == 0) {
-		internal_require(database, tablename, newparam, RQ_CHAR, buf->used, SENTINEL);
+		internal_require(database, tablename, newparam, RQ_CHAR, valsz, SENTINEL);
 	}
 
 	while ((newparam = va_arg(ap, const char *))) {
@@ -612,25 +615,23 @@
 			continue;
 		}
 
-		ast_str_make_space(&buf, (valsz = strlen(newval)) * 2 + 1);
-		mysql_real_escape_string(&dbh->handle, buf->str, newval, valsz);
-		ast_str_append(&sql, 0, ", %s = '%s'", newparam, buf->str);
+		ESCAPE_STRING(buf, newval);
+		ast_str_append(&sql, 0, ", %s = '%s'", newparam, ast_str_buffer(buf));
 
 		/* If the column length isn't long enough, give a chance to lengthen it. */
 		if (strncmp(column->type, "char", 4) == 0 || strncmp(column->type, "varchar", 7) == 0) {
-			internal_require(database, tablename, newparam, RQ_CHAR, buf->used, SENTINEL);
+			internal_require(database, tablename, newparam, RQ_CHAR, valsz, SENTINEL);
 		}
 	}
 	va_end(ap);
 
-	ast_str_make_space(&buf, (valsz = strlen(lookup)) * 2 + 1);
-	mysql_real_escape_string(&dbh->handle, buf->str, lookup, valsz);
-	ast_str_append(&sql, 0, " WHERE %s = '%s'", keyfield, buf->str);
-
-	ast_debug(1, "MySQL RealTime: Update SQL: %s\n", sql->str);
+	ESCAPE_STRING(buf, lookup);
+	ast_str_append(&sql, 0, " WHERE %s = '%s'", keyfield, ast_str_buffer(buf));
+
+	ast_debug(1, "MySQL RealTime: Update SQL: %s\n", ast_str_buffer(sql));
 
 	/* Execution. */
-	if (mysql_real_query(&dbh->handle, sql->str, sql->used)) {
+	if (mysql_real_query(&dbh->handle, ast_str_buffer(sql), ast_str_strlen(sql))) {
 		ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database: %s\n", mysql_error(&dbh->handle));
 		release_table(table);
 		release_database(dbh);
@@ -652,21 +653,13 @@
 	return (int)numrows;
 }
 
-#define ESCAPE_STRING(buf, var) \
-	do { \
-		size_t size; \
-		if ((size = strlen(var)) * 2 + 1 > (buf)->len) { \
-			ast_str_make_space(&(buf), size * 2 + 1); \
-		} \
-		mysql_real_escape_string(&dbh->handle, (buf)->str, var, size); \
-	} while (0)
-
 static int update2_mysql(const char *database, const char *tablename, va_list ap)
 {
 	struct mysql_conn *dbh;
 	my_ulonglong numrows;
 	int first = 1;
 	const char *newparam, *newval;
+	size_t valsz;
 	struct ast_str *sql = ast_str_thread_get(&sql_buf, 100), *buf = ast_str_thread_get(&scratch_buf, 100);
 	struct ast_str *where = ast_str_thread_get(&sql2_buf, 100);
 	struct tables *table;
@@ -718,12 +711,12 @@
 			return -1;
 		}
 		ESCAPE_STRING(buf, newval);
-		ast_str_append(&where, 0, "%s %s='%s'", first ? "" : " AND", newparam, buf->str);
+		ast_str_append(&where, 0, "%s %s='%s'", first ? "" : " AND", newparam, ast_str_buffer(buf));
 		first = 0;
 
 		/* If the column length isn't long enough, give a chance to lengthen it. */
 		if (strncmp(column->type, "char", 4) == 0 || strncmp(column->type, "varchar", 7) == 0) {
-			internal_require(database, tablename, newparam, RQ_CHAR, buf->used, SENTINEL);
+			internal_require(database, tablename, newparam, RQ_CHAR, valsz, SENTINEL);
 		}
 	}
 
@@ -743,22 +736,22 @@
 		}
 
 		ESCAPE_STRING(buf, newval);
-		ast_str_append(&sql, 0, "%s %s = '%s'", first ? "" : ",", newparam, buf->str);
+		ast_str_append(&sql, 0, "%s %s = '%s'", first ? "" : ",", newparam, ast_str_buffer(buf));
 
 		/* If the column length isn't long enough, give a chance to lengthen it. */
 		if (strncmp(column->type, "char", 4) == 0 || strncmp(column->type, "varchar", 7) == 0) {
-			internal_require(database, tablename, newparam, RQ_CHAR, strlen(newval), SENTINEL);
+			internal_require(database, tablename, newparam, RQ_CHAR, valsz, SENTINEL);
 		}
 	}
 	va_end(ap);
 	release_table(table);
 
-	ast_str_append(&sql, 0, " %s", where->str);
-
-	ast_debug(1, "MySQL RealTime: Update SQL: %s\n", sql->str);
+	ast_str_append(&sql, 0, " %s", ast_str_buffer(where));
+
+	ast_debug(1, "MySQL RealTime: Update SQL: %s\n", ast_str_buffer(sql));
 
 	/* Execution. */
-	if (mysql_real_query(&dbh->handle, sql->str, sql->used)) {
+	if (mysql_real_query(&dbh->handle, ast_str_buffer(sql), ast_str_strlen(sql))) {
 		ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database: %s\n", mysql_error(&dbh->handle));
 		release_table(table);
 		release_database(dbh);
@@ -814,33 +807,30 @@
 	}
 	/* Create the first part of the query using the first parameter/value pairs we just extracted
 		If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
-	ast_str_make_space(&buf, (valsz = strlen(newval)) * 2 + 1);
-	mysql_real_escape_string(&dbh->handle, buf->str, newval, valsz);
-
+	ESCAPE_STRING(buf, newval);
 	ast_str_set(&sql, 0, "INSERT INTO %s (%s", table, newparam);
-	ast_str_set(&sql2, 0, ") VALUES ('%s'", buf->str);
+	ast_str_set(&sql2, 0, ") VALUES ('%s'", ast_str_buffer(buf));
 
 	internal_require(database, table, newparam, RQ_CHAR, valsz, SENTINEL);
 
 	while ((newparam = va_arg(ap, const char *))) {
 		if ((newval = va_arg(ap, const char *))) {
-			ast_str_make_space(&buf, (valsz = strlen(newval)) * 2 + 1);
-			mysql_real_escape_string(&dbh->handle, buf->str, newval, valsz);
+			ESCAPE_STRING(buf, newval);
 		} else {
 			valsz = 0;
 			ast_str_reset(buf);
 		}
 		if (internal_require(database, table, newparam, RQ_CHAR, valsz, SENTINEL) == 0) {
 			ast_str_append(&sql, 0, ", %s", newparam);
-			ast_str_append(&sql2, 0, ", '%s'", buf->str);
+			ast_str_append(&sql2, 0, ", '%s'", ast_str_buffer(buf));
 		}
 	}
 	va_end(ap);
-	ast_str_append(&sql, 0, "%s)", sql2->str);
-	ast_debug(1,"MySQL RealTime: Insert SQL: %s\n", sql->str);
+	ast_str_append(&sql, 0, "%s)", ast_str_buffer(sql2));
+	ast_debug(1,"MySQL RealTime: Insert SQL: %s\n", ast_str_buffer(sql));
 
 	/* Execution. */
-	if (mysql_real_query(&dbh->handle, sql->str, sql->used)) {
+	if (mysql_real_query(&dbh->handle, ast_str_buffer(sql), ast_str_strlen(sql))) {
 		ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database: %s\n", mysql_error(&dbh->handle));
 		release_database(dbh);
 		return -1;
@@ -897,21 +887,19 @@
 
 	/* Create the first part of the query using the first parameter/value pairs we just extracted
 	   If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
-	ast_str_make_space(&buf, (valsz = strlen(lookup)) * 2 + 1);
-	mysql_real_escape_string(&dbh->handle, buf->str, lookup, valsz);
-	ast_str_set(&sql, 0, "DELETE FROM %s WHERE %s = '%s'", table, keyfield, buf->str);
+	ESCAPE_STRING(buf, lookup);
+	ast_str_set(&sql, 0, "DELETE FROM %s WHERE %s = '%s'", table, keyfield, ast_str_buffer(buf));
 	while ((newparam = va_arg(ap, const char *))) {
 		newval = va_arg(ap, const char *);
-		ast_str_make_space(&buf, (valsz = strlen(newval)) * 2 + 1);
-		mysql_real_escape_string(&dbh->handle, buf->str, newval, valsz);
-		ast_str_append(&sql, 0, " AND %s = '%s'", newparam, buf->str);
+		ESCAPE_STRING(buf, newval);
+		ast_str_append(&sql, 0, " AND %s = '%s'", newparam, ast_str_buffer(buf));
 	}
 	va_end(ap);
 
-	ast_debug(1, "MySQL RealTime: Delete SQL: %s\n", sql->str);
+	ast_debug(1, "MySQL RealTime: Delete SQL: %s\n", ast_str_buffer(sql));
 
 	/* Execution. */
-	if (mysql_real_query(&dbh->handle, sql->str, sql->used)) {
+	if (mysql_real_query(&dbh->handle, ast_str_buffer(sql), ast_str_strlen(sql))) {
 		ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database: %s\n", mysql_error(&dbh->handle));
 		release_database(dbh);
 		return -1;
@@ -957,16 +945,16 @@
 
 	ast_str_set(&sql, 0, "SELECT category, var_name, var_val, cat_metric FROM %s WHERE filename='%s' and commented=1 ORDER BY filename, cat_metric desc, var_metric asc, category, var_name, var_val, id", table, file);
 
-	ast_debug(1, "MySQL RealTime: Static SQL: %s\n", sql->str);
+	ast_debug(1, "MySQL RealTime: Static SQL: %s\n", ast_str_buffer(sql));
 
 	/* We now have our complete statement; Lets connect to the server and execute it. */
 	if (!mysql_reconnect(dbh)) {
 		return NULL;
 	}
 
-	if (mysql_real_query(&dbh->handle, sql->str, sql->used)) {
+	if (mysql_real_query(&dbh->handle, ast_str_buffer(sql), ast_str_strlen(sql))) {
 		ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database. Check debug for more info.\n");
-		ast_debug(1, "MySQL RealTime: Query: %s\n", sql->str);
+		ast_debug(1, "MySQL RealTime: Query: %s\n", ast_str_buffer(sql));
 		ast_debug(1, "MySQL RealTime: Query Failed because: %s\n", mysql_error(&dbh->handle));
 		release_database(dbh);
 		return NULL;
@@ -1081,26 +1069,26 @@
 			res = -1;
 			break;
 		}
-		ast_str_set(&sql, 0, "ALTER TABLE %s MODIFY %s %s", tablename, column->name, typestr->str);
+		ast_str_set(&sql, 0, "ALTER TABLE %s MODIFY %s %s", tablename, column->name, ast_str_buffer(typestr));
 		if (!column->null) {
 			ast_str_append(&sql, 0, " NOT NULL");
 		}
 		if (!ast_strlen_zero(column->dflt)) {
-			ast_str_make_space(&escbuf, strlen(column->dflt) * 2 + 1);
-			mysql_real_escape_string(&dbh->handle, escbuf->str, column->dflt, strlen(column->dflt));
-			ast_str_append(&sql, 0, " DEFAULT '%s'", escbuf->str);
+			size_t valsz;
+			ESCAPE_STRING(escbuf, column->dflt);
+			ast_str_append(&sql, 0, " DEFAULT '%s'", ast_str_buffer(escbuf));
 		}
 
 		if (!mysql_reconnect(dbh)) {
-			ast_log(LOG_ERROR, "Unable to add column: %s\n", sql->str);
+			ast_log(LOG_ERROR, "Unable to add column: %s\n", ast_str_buffer(sql));
 			res = -1;
 			break;
 		}
 
 		/* Execution. */
-		if (mysql_real_query(&dbh->handle, sql->str, sql->used)) {
+		if (mysql_real_query(&dbh->handle, ast_str_buffer(sql), ast_str_strlen(sql))) {
 			ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database: %s\n", mysql_error(&dbh->handle));
-			ast_debug(1, "MySQL RealTime: Query: %s\n", sql->str);
+			ast_debug(1, "MySQL RealTime: Query: %s\n", ast_str_buffer(sql));
 			res = -1;
 		}
 	} while (0);
@@ -1338,19 +1326,19 @@
 				} else {
 					continue;
 				}
-				ast_str_set(&sql, 0, "ALTER TABLE %s ADD COLUMN %s %s", tablename, elm, fieldtype->str);
+				ast_str_set(&sql, 0, "ALTER TABLE %s ADD COLUMN %s %s", tablename, elm, ast_str_buffer(fieldtype));
 
 				ast_mutex_lock(&table->database->lock);
 				if (!mysql_reconnect(table->database)) {
 					ast_mutex_unlock(&table->database->lock);
-					ast_log(LOG_ERROR, "Unable to add column: %s\n", sql->str);
+					ast_log(LOG_ERROR, "Unable to add column: %s\n", ast_str_buffer(sql));
 					continue;
 				}
 
 				/* Execution. */
-				if (mysql_real_query(&table->database->handle, sql->str, sql->used)) {
+				if (mysql_real_query(&table->database->handle, ast_str_buffer(sql), ast_str_strlen(sql))) {
 					ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database. Check debug for more info.\n");
-					ast_debug(1, "MySQL RealTime: Query: %s\n", sql->str);
+					ast_debug(1, "MySQL RealTime: Query: %s\n", ast_str_buffer(sql));
 					ast_debug(1, "MySQL RealTime: Query Failed because: %s\n", mysql_error(&table->database->handle));
 				} else {
 					table_altered = 1;




More information about the asterisk-addons-commits mailing list