[Asterisk-code-review] res config sqlite3: Fix crashes when reading peers from sqli... (asterisk[master])

Anonymous Coward asteriskteam at digium.com
Wed Feb 24 18:26:07 CST 2016


Anonymous Coward #1000019 has submitted this change and it was merged.

Change subject: res_config_sqlite3: Fix crashes when reading peers from sqlite3 tables
......................................................................


res_config_sqlite3: Fix crashes when reading peers from sqlite3 tables

Introduced realloaction of ast_str buf in sqlite3_escape functions in case
the returned buffer from threadstorage was actually too small.

Change-Id: I3c5eb43aaade93ee457943daddc651781954c445
---
M res/res_config_sqlite3.c
1 file changed, 14 insertions(+), 2 deletions(-)

Approvals:
  Mark Michelson: Looks good to me, approved
  Anonymous Coward #1000019: Verified
  Joshua Colp: Looks good to me, but someone else must approve



diff --git a/res/res_config_sqlite3.c b/res/res_config_sqlite3.c
index 0b0a78c..a306123 100644
--- a/res/res_config_sqlite3.c
+++ b/res/res_config_sqlite3.c
@@ -127,8 +127,14 @@
 	 * add two quotes, and convert NULL pointers to the word "NULL", but we
 	 * don't allow those anyway. Just going to use %q for now. */
 	struct ast_str *buf = ast_str_thread_get(ts, maxlen);
-	char *tmp = ast_str_buffer(buf);
 	char q = ts == &escape_value_buf ? '\'' : '"';
+	char *tmp;
+
+	if (ast_str_size(buf) < maxlen) {
+		/* realloc if buf is too small */
+		ast_str_make_space(&buf, maxlen);
+	}
+	tmp = ast_str_buffer(buf);
 
 	ast_str_reset(buf);
 	*tmp++ = q; /* Initial quote */
@@ -160,9 +166,15 @@
 {
 	size_t maxlen = strlen(param) * 2 + sizeof("\"\" =");
 	struct ast_str *buf = ast_str_thread_get(&escape_column_buf, maxlen);
-	char *tmp = ast_str_buffer(buf);
+	char *tmp;
 	int space = 0;
 
+	if (ast_str_size(buf) < maxlen) {
+		/* realloc if buf is too small */
+		ast_str_make_space(&buf, maxlen);
+	}
+	tmp = ast_str_buffer(buf);
+
 	ast_str_reset(buf);
 	*tmp++ = '"';
 	while ((*tmp++ = *param++)) {

-- 
To view, visit https://gerrit.asterisk.org/2263
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I3c5eb43aaade93ee457943daddc651781954c445
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Christof Lauber <christof.lauber at annax.ch>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>



More information about the asterisk-code-review mailing list