mirror of
				https://github.com/asterisk/asterisk.git
				synced 2025-10-26 14:27:14 +00:00 
			
		
		
		
	res_config_sqlite3: Fix crashes when reading peers from sqlite3 tables
Introduced realloaction of ast_str buf in sqlite3_escape functions in case the returned buffer from threadstorage was actually too small. Change-Id: I3c5eb43aaade93ee457943daddc651781954c445
This commit is contained in:
		
				
					committed by
					
						 Mark Michelson
						Mark Michelson
					
				
			
			
				
	
			
			
			
						parent
						
							aa637f0a91
						
					
				
				
					commit
					ea9deff996
				
			| @@ -127,8 +127,14 @@ static inline const char *sqlite3_escape_string_helper(struct ast_threadstorage | ||||
| 	 * add two quotes, and convert NULL pointers to the word "NULL", but we | ||||
| 	 * don't allow those anyway. Just going to use %q for now. */ | ||||
| 	struct ast_str *buf = ast_str_thread_get(ts, maxlen); | ||||
| 	char *tmp = ast_str_buffer(buf); | ||||
| 	char q = ts == &escape_value_buf ? '\'' : '"'; | ||||
| 	char *tmp; | ||||
|  | ||||
| 	if (ast_str_size(buf) < maxlen) { | ||||
| 		/* realloc if buf is too small */ | ||||
| 		ast_str_make_space(&buf, maxlen); | ||||
| 	} | ||||
| 	tmp = ast_str_buffer(buf); | ||||
|  | ||||
| 	ast_str_reset(buf); | ||||
| 	*tmp++ = q; /* Initial quote */ | ||||
| @@ -160,9 +166,15 @@ static const char *sqlite3_escape_column_op(const char *param) | ||||
| { | ||||
| 	size_t maxlen = strlen(param) * 2 + sizeof("\"\" ="); | ||||
| 	struct ast_str *buf = ast_str_thread_get(&escape_column_buf, maxlen); | ||||
| 	char *tmp = ast_str_buffer(buf); | ||||
| 	char *tmp; | ||||
| 	int space = 0; | ||||
|  | ||||
| 	if (ast_str_size(buf) < maxlen) { | ||||
| 		/* realloc if buf is too small */ | ||||
| 		ast_str_make_space(&buf, maxlen); | ||||
| 	} | ||||
| 	tmp = ast_str_buffer(buf); | ||||
|  | ||||
| 	ast_str_reset(buf); | ||||
| 	*tmp++ = '"'; | ||||
| 	while ((*tmp++ = *param++)) { | ||||
|   | ||||
		Reference in New Issue
	
	Block a user