authortilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>2007-11-29 19:24:11 +0000
committertilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>2007-11-29 19:24:11 +0000
commit6cd13b68df9bd785d32052aa36c1ee4a0d73ff1f (patch)
treeb8a42783d6edd03bffc52e486085ecc9f7ee0912
parent8417f20fe68be3b186eedbaffd3e5462f5153111 (diff)
Properly escape input buffers (Fixes AST-2007-025)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@90160 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r--res/res_config_pgsql.c79
1 files changed, 66 insertions, 13 deletions
diff --git a/res/res_config_pgsql.c b/res/res_config_pgsql.c
index 212e1b270..4d0f16c2c 100644
--- a/res/res_config_pgsql.c
+++ b/res/res_config_pgsql.c
@@ -79,8 +79,8 @@ static struct ast_cli_entry cli_realtime[] = {
static struct ast_variable *realtime_pgsql(const char *database, const char *table, va_list ap)
{
PGresult *result = NULL;
- int num_rows = 0;
- char sql[256];
+ int num_rows = 0, pgerror;
+ char sql[256], escapebuf[513];
char *stringp;
char *chunk;
char *op;
@@ -109,16 +109,31 @@ static struct ast_variable *realtime_pgsql(const char *database, const char *tab
If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
op = strchr(newparam, ' ') ? "" : " =";
+ PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
+ if (pgerror) {
+ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
+ va_end(ap);
+ return NULL;
+ }
+
snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op,
- newval);
+ escapebuf);
while ((newparam = va_arg(ap, const char *))) {
newval = va_arg(ap, const char *);
if (!strchr(newparam, ' '))
op = " =";
else
op = "";
+
+ PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
+ if (pgerror) {
+ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
+ va_end(ap);
+ return NULL;
+ }
+
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s '%s'", newparam,
- op, newval);
+ op, escapebuf);
}
va_end(ap);
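Review bot: Truncation is silent at both added steps in this hunk: `PQescapeStringConn` is given a length cap of `(sizeof(escapebuf) - 1) / 2` (256 bytes), so a longer `newval` is cut short without setting `pgerror`, and the return value of each `snprintf` into `sql[256]` is never checked even though `escapebuf` alone can hold up to 512 bytes. A shortened value or statement then appears to be carried forward as if it were complete, which changes what the query matches. I would reject over-long input before escaping, e.g. `if (strlen(newval) > (sizeof(escapebuf) - 1) / 2) { va_end(ap); return NULL; }`, and treat an `snprintf` result `>= sizeof(sql)` as an error. The same pattern repeats in the realtime_multi_pgsql and update_pgsql hunks; in update_pgsql a truncated statement could, depending on lengths, lose part or all of its `WHERE` clause. The function body starts and ends outside this hunk.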
@@ -202,8 +217,8 @@ static struct ast_variable *realtime_pgsql(const char *database, const char *tab
static struct ast_config *realtime_multi_pgsql(const char *database, const char *table, va_list ap)
{
PGresult *result = NULL;
- int num_rows = 0;
- char sql[256];
+ int num_rows = 0, pgerror;
+ char sql[256], escapebuf[513];
const char *initfield = NULL;
char *stringp;
char *chunk;
@@ -250,16 +265,31 @@ static struct ast_config *realtime_multi_pgsql(const char *database, const char
else
op = "";
+ PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
+ if (pgerror) {
+ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
+ va_end(ap);
+ return NULL;
+ }
+
snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op,
- newval);
+ escapebuf);
while ((newparam = va_arg(ap, const char *))) {
newval = va_arg(ap, const char *);
if (!strchr(newparam, ' '))
op = " =";
else
op = "";
+
+ PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
+ if (pgerror) {
+ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
+ va_end(ap);
+ return NULL;
+ }
+
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s '%s'", newparam,
- op, newval);
+ op, escapebuf);
}
if (initfield) {
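Review bot: The added `PQescapeStringConn` calls read `pgsqlConn` while the statement is still being built, and nothing visible in this hunk establishes that the connection is up or that a lock is held at that point. If connection setup happens only later in the function (outside the hunk), a NULL connection would likely surface as an escape error and be reported by the new `ast_log` as invalid input, hiding the real cause. I would confirm the connection is checked before the first escape, or document the precondition with a comment such as `/* pgsqlConn must be connected here: escaping depends on the connection's encoding */` above the call. The same applies to the calls in the realtime_pgsql and update_pgsql hunks.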
@@ -351,8 +381,8 @@ static int update_pgsql(const char *database, const char *table, const char *key
const char *lookup, va_list ap)
{
PGresult *result = NULL;
- int numrows = 0;
- char sql[256];
+ int numrows = 0, pgerror;
+ char sql[256], escapebuf[513];
const char *newparam, *newval;
if (!table) {
@@ -376,15 +406,38 @@ static int update_pgsql(const char *database, const char *table, const char *key
/* Create the first part of the query using the first parameter/value pairs we just extracted
If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
- snprintf(sql, sizeof(sql), "UPDATE %s SET %s = '%s'", table, newparam, newval);
+ PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
+ if (pgerror) {
+ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
+ va_end(ap);
+ return -1;
+ }
+ snprintf(sql, sizeof(sql), "UPDATE %s SET %s = '%s'", table, newparam, escapebuf);
+
while ((newparam = va_arg(ap, const char *))) {
newval = va_arg(ap, const char *);
+
+ PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror);
+ if (pgerror) {
+ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval);
+ va_end(ap);
+ return -1;
+ }
+
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), ", %s = '%s'", newparam,
- newval);
+ escapebuf);
}
va_end(ap);
+
+ PQescapeStringConn(pgsqlConn, escapebuf, lookup, (sizeof(escapebuf) - 1) / 2, &pgerror);
+ if (pgerror) {
+ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", lookup);
+ va_end(ap);
+ return -1;
+ }
+
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " WHERE %s = '%s'", keyfield,
- lookup);
+ escapebuf);
ast_log(LOG_DEBUG, "Postgresql RealTime: Update SQL: %s\n", sql);
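Review bot: The error path added for `lookup` calls `va_end(ap)` a second time: `va_end(ap);` has already run on the context line just above the new block, and invoking it again on the same list without an intervening `va_start` is undefined behaviour. The `va_end(ap);` inside the `if (pgerror)` block that follows the `lookup` escape should be dropped, leaving only the `ast_log` call and `return -1;`. The two earlier error paths in this hunk are not affected because they run before the `va_end` that follows the loop. The function continues outside the hunk.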