kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-04 03:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged revisions 90160 via svnmerge from

Browse Source 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r90160 | tilghman | 2007-11-29 13:24:11 -0600 (Thu, 29 Nov 2007) | 2 lines

Properly escape input buffers (Fixes AST-2007-025)

........


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@90162 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Tilghman Lesher
2007-11-29 19:35:49 +00:00
parent afac5cce50
commit a31a852dbc
1 changed files with 66 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
res/res_config_pgsql.c
View File

@@ -68,8 +68,8 @@ static struct ast_cli_entry cli_realtime[] = {
static struct ast_variable *realtime_pgsql(const char *database, const char *table, va_list ap)
{
PGresult *result = NULL;
int num_rows = 0;
char sql[256];
int num_rows = 0, pgerror;
char sql[256], escapebuf[513];
char *stringp;
char *chunk;
char *op;
@@ -98,16 +98,31 @@ static struct ast_variable *realtime_pgsql(const char *database, const char *tab
If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
op = strchr(newparam, ' ') ? "" : " =";
PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
if (pgerror) {
ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
va_end(ap);
return NULL;
}
snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op,
newval);
escapebuf);
while ((newparam = va_arg(ap, const char *))) {
newval = va_arg(ap, const char *);
if (!strchr(newparam, ' '))
op = " =";
else
op = "";
PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
if (pgerror) {
ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
va_end(ap);
return NULL;
}
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s '%s'", newparam,
op, newval);
op, escapebuf);
}
va_end(ap);
@@ -190,8 +205,8 @@ static struct ast_variable *realtime_pgsql(const char *database, const char *tab
static struct ast_config *realtime_multi_pgsql(const char *database, const char *table, va_list ap)
{
PGresult *result = NULL;
int num_rows = 0;
char sql[256];
int num_rows = 0, pgerror;
char sql[256], escapebuf[513];
const char *initfield = NULL;
char *stringp;
char *chunk;
@@ -235,16 +250,31 @@ static struct ast_config *realtime_multi_pgsql(const char *database, const char
else
op = "";
PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
if (pgerror) {
ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
va_end(ap);
return NULL;
}
snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op,
newval);
escapebuf);
while ((newparam = va_arg(ap, const char *))) {
newval = va_arg(ap, const char *);
if (!strchr(newparam, ' '))
op = " =";
else
op = "";
PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
if (pgerror) {
ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
va_end(ap);
return NULL;
}
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s '%s'", newparam,
op, newval);
op, escapebuf);
}
if (initfield) {
@@ -335,8 +365,8 @@ static int update_pgsql(const char *database, const char *table, const char *key
const char *lookup, va_list ap)
{
PGresult *result = NULL;
int numrows = 0;
char sql[256];
int numrows = 0, pgerror;
char sql[256], escapebuf[513];
const char *newparam, *newval;
if (!table) {
@@ -360,15 +390,38 @@ static int update_pgsql(const char *database, const char *table, const char *key
/* Create the first part of the query using the first parameter/value pairs we just extracted
If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
snprintf(sql, sizeof(sql), "UPDATE %s SET %s = '%s'", table, newparam, newval);
PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
if (pgerror) {
ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
va_end(ap);
return -1;
}
snprintf(sql, sizeof(sql), "UPDATE %s SET %s = '%s'", table, newparam, escapebuf);
while ((newparam = va_arg(ap, const char *))) {
newval = va_arg(ap, const char *);
PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
if (pgerror) {
ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
va_end(ap);
return -1;
}
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), ", %s = '%s'", newparam,
newval);
escapebuf);
}
va_end(ap);
PQescapeStringConn(pgsqlConn, escapebuf, lookup, (sizeof(escapebuf) - 1) / 2, &pgerror);
if (pgerror) {
ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", lookup);
va_end(ap);
return -1;
}
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " WHERE %s = '%s'", keyfield,
lookup);
escapebuf);
ast_debug(1, "PostgreSQL RealTime: Update SQL: %s\n", sql);