author | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-09-28 21:39:07 +0000 |
---|---|---|
committer | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-09-28 21:39:07 +0000 |
commit | 74e9c236bd6246f61bed0397adcf87adad399e2e (patch) | |
tree | eeba772fc80fe61a506295ac36f5015119249655 | |
parent | 2003cfe993b5f9b0f63c7cb17c9b55d773e88c57 (diff) |
Change several improper "sizeof" to "strlen", as sizeof in that context would
incorrectly use the size of a pointer, rather than the length of a string.
(Closes issue #13574)
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@145076 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r-- | res/res_config_pgsql.c | 86 |
1 files changed, 56 insertions, 30 deletions
diff --git a/res/res_config_pgsql.c b/res/res_config_pgsql.c
index c42e35e80..5ef6cf67b 100644
--- a/res/res_config_pgsql.c
+++ b/res/res_config_pgsql.c
@@ -642,14 +642,22 @@ static int update_pgsql(const char *database, const char *tablename, const char
 return -1;
 }
+#define ESCAPE_STRING(buffer, stringname) \
+ do { \
+ int len; \
+ if ((len = strlen(stringname)) > (buffer->len - 1) / 2) { \
+ ast_str_make_space(&buffer, len * 2 + 1); \
+ } \
+ PQescapeStringConn(pgsqlConn, buffer->str, stringname, len, &pgresult); \
+ } while (0)
+
 static int store_pgsql(const char *database, const char *table, va_list ap)
 {
 PGresult *result = NULL;
 Oid insertid;
- char sql[256];
- char params[256];
- char vals[256];
- char buf[256];
+ struct ast_str *buf = ast_str_create(256);
+ struct ast_str *sql1 = ast_str_create(256);
+ struct ast_str *sql2 = ast_str_create(256);
 int pgresult;
 const char *newparam, *newval;
@@ -667,7 +675,7 @@ static int store_pgsql(const char *database, const char *table, va_list ap)
 if (pgsqlConn) {
 PQfinish(pgsqlConn);
 pgsqlConn = NULL;
- };
+ }
 return -1;
 }
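Review bot: ESCAPE_STRING discards the status that PQescapeStringConn writes to `pgresult`, so input that libpq could not escape cleanly (for example an invalid multibyte sequence) is still spliced into the statement and executed. The macro also dereferences `buffer->len` with no check that the `ast_str_create()` calls in the declarations further down this hunk returned non-NULL, and it silently depends on `pgsqlConn` and `pgresult` being in the caller's scope. I would test `pgresult` after each use and skip the PQexec when it is non-zero. A comment above the macro would make the contract visible, e.g. `/* Escape stringname into buffer, growing it to 2*len+1 first; uses the caller's pgsqlConn and sets the caller's pgresult, which must be checked. */`.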
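Review bot: The `return -1` that follows `PQfinish(pgsqlConn)` in this hunk runs after `buf`, `sql1` and `sql2` were allocated in the declarations, and no `ast_free()` is added on it, so every call that takes this path leaks three buffers. Either add `ast_free(sql1); ast_free(sql2); ast_free(buf);` before that return, or create the strings only after the argument and connection checks have passed. destroy_pgsql has the same shape: its hunk at -740 allocates `sql`, `buf1` and `buf2` at declaration right before `if (!table) {`, whose body is outside the hunk but presumably returns early. store_pgsql's body also continues outside this hunk, so other early returns may need the same treatment.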
@@ -680,28 +688,31 @@ static int store_pgsql(const char *database, const char *table, va_list ap)
 /* Create the first part of the query using the first parameter/value pairs we just extracted If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
- PQescapeStringConn(pgsqlConn, buf, newparam, sizeof(newparam), &pgresult);
- snprintf(params, sizeof(params), "%s", buf);
- PQescapeStringConn(pgsqlConn, buf, newval, sizeof(newval), &pgresult);
- snprintf(vals, sizeof(vals), "'%s'", buf);
+ ESCAPE_STRING(buf, newparam);
+ ast_str_set(&sql1, 0, "INSERT INTO %s (%s", table, buf->str);
+ ESCAPE_STRING(buf, newval);
+ ast_str_set(&sql2, 0, ") VALUES ('%s'", buf->str);
 while ((newparam = va_arg(ap, const char *))) {
 newval = va_arg(ap, const char *);
- PQescapeStringConn(pgsqlConn, buf, newparam, sizeof(newparam), &pgresult);
- snprintf(params + strlen(params), sizeof(params) - strlen(params), ", %s", buf);
- PQescapeStringConn(pgsqlConn, buf, newval, sizeof(newval), &pgresult);
- snprintf(vals + strlen(vals), sizeof(vals) - strlen(vals), ", '%s'", buf);
+ ESCAPE_STRING(buf, newparam);
+ ast_str_append(&sql1, 0, ", %s", buf->str);
+ ESCAPE_STRING(buf, newval);
+ ast_str_append(&sql2, 0, ", '%s'", buf->str);
 }
 va_end(ap);
- snprintf(sql, sizeof(sql), "INSERT INTO (%s) VALUES (%s)", params, vals);
+ ast_str_append(&sql1, 0, "%s)", sql2->str);
- ast_debug(1, "PostgreSQL RealTime: Insert SQL: %s\n", sql);
+ ast_debug(1, "PostgreSQL RealTime: Insert SQL: %s\n", sql1->str);
- if (!(result = PQexec(pgsqlConn, sql))) {
+ if (!(result = PQexec(pgsqlConn, sql1->str))) {
 ast_log(LOG_WARNING, "PostgreSQL RealTime: Failed to query database. Check debug for more info.\n");
- ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql);
+ ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql1->str);
 ast_debug(1, "PostgreSQL RealTime: Query Failed because: %s\n", PQerrorMessage(pgsqlConn));
 ast_mutex_unlock(&pgsql_lock);
+ ast_free(sql1);
+ ast_free(sql2);
+ ast_free(buf);
 return -1;
 } else {
 ExecStatusType result_status = PQresultStatus(result);
@@ -710,16 +721,22 @@ static int store_pgsql(const char *database, const char *table, va_list ap)
 && result_status != PGRES_NONFATAL_ERROR) {
 ast_log(LOG_WARNING, "PostgreSQL RealTime: Failed to query database. Check debug for more info.\n");
- ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql);
+ ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql1->str);
 ast_debug(1, "PostgreSQL RealTime: Query Failed because: %s (%s)\n", PQresultErrorMessage(result), PQresStatus(result_status));
 ast_mutex_unlock(&pgsql_lock);
+ ast_free(sql1);
+ ast_free(sql2);
+ ast_free(buf);
 return -1;
 }
 }
 insertid = PQoidValue(result);
 ast_mutex_unlock(&pgsql_lock);
+ ast_free(sql1);
+ ast_free(sql2);
+ ast_free(buf);
 ast_debug(1, "PostgreSQL RealTime: row inserted on table: %s, id: %u\n", table, insertid);
@@ -740,8 +757,8 @@ static int destroy_pgsql(const char *database, const char *table, const char *ke
 PGresult *result = NULL;
 int numrows = 0;
 int pgresult;
- char sql[256];
- char buf[256], buf2[256];
+ struct ast_str *sql = ast_str_create(256);
+ struct ast_str *buf1 = ast_str_create(60), *buf2 = ast_str_create(60);
 const char *newparam, *newval;
 if (!table) {
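Review bot: Column names are passed through ESCAPE_STRING and then placed unquoted in identifier position (`"INSERT INTO %s (%s"`), and `table` is formatted in with no escaping at all. String-literal escaping only neutralizes quote and backslash characters, so it does not constrain what an identifier may contain. If table or column names can ever come from anything other than static configuration, they should be validated against a fixed character set (letters, digits and underscore, say) before the statement is built. The same applies to `"DELETE FROM %s WHERE %s = '%s'"` and the `" AND %s = '%s'"` append in the destroy_pgsql hunk at -774. A comment at the `ast_str_set` call, e.g. `/* table and column names are trusted configuration; only values are escaped */`, would at least make the assumption explicit.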
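Review bot: On the `result_status` failure path in this hunk nothing releases `result` before `return -1`, so the PGresult returned by PQexec is leaked there even though the ast_str buffers are now freed; whether the success path clears it is outside the hunk. Adding `PQclear(result);` before that `return -1;` would close it. The three-line `ast_free` group is also repeated on every exit of store_pgsql, and again in destroy_pgsql at -774 and -801, which makes it easy to miss one when a new return is added. A single cleanup label that unlocks `pgsql_lock`, clears `result` and frees the buffers would cover both points.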
@@ -774,25 +791,28 @@ static int destroy_pgsql(const char *database, const char *table, const char *ke
 /* Create the first part of the query using the first parameter/value pairs we just extracted If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
- PQescapeStringConn(pgsqlConn, buf, keyfield, sizeof(keyfield), &pgresult);
- PQescapeStringConn(pgsqlConn, buf2, lookup, sizeof(lookup), &pgresult);
- snprintf(sql, sizeof(sql), "DELETE FROM %s WHERE %s = '%s'", table, buf, buf2);
+ ESCAPE_STRING(buf1, keyfield);
+ ESCAPE_STRING(buf2, lookup);
+ ast_str_set(&sql, 0, "DELETE FROM %s WHERE %s = '%s'", table, buf1->str, buf2->str);
 while ((newparam = va_arg(ap, const char *))) {
 newval = va_arg(ap, const char *);
- PQescapeStringConn(pgsqlConn, buf, newparam, sizeof(newparam), &pgresult);
- PQescapeStringConn(pgsqlConn, buf2, newval, sizeof(newval), &pgresult);
- snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s = '%s'", buf, buf2);
+ ESCAPE_STRING(buf1, newparam);
+ ESCAPE_STRING(buf2, newval);
+ ast_str_append(&sql, 0, " AND %s = '%s'", buf1->str, buf2->str);
 }
 va_end(ap);
- ast_debug(1, "PostgreSQL RealTime: Delete SQL: %s\n", sql);
+ ast_debug(1, "PostgreSQL RealTime: Delete SQL: %s\n", sql->str);
- if (!(result = PQexec(pgsqlConn, sql))) {
+ if (!(result = PQexec(pgsqlConn, sql->str))) {
 ast_log(LOG_WARNING, "PostgreSQL RealTime: Failed to query database. Check debug for more info.\n");
- ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql);
+ ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql->str);
 ast_debug(1, "PostgreSQL RealTime: Query Failed because: %s\n", PQerrorMessage(pgsqlConn));
 ast_mutex_unlock(&pgsql_lock);
+ ast_free(buf1);
+ ast_free(buf2);
+ ast_free(sql);
 return -1;
 } else {
 ExecStatusType result_status = PQresultStatus(result);
@@ -801,16 +821,22 @@ static int destroy_pgsql(const char *database, const char *table, const char *ke
 && result_status != PGRES_NONFATAL_ERROR) {
 ast_log(LOG_WARNING, "PostgreSQL RealTime: Failed to query database. Check debug for more info.\n");
- ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql);
+ ast_debug(1, "PostgreSQL RealTime: Query: %s\n", sql->str);
 ast_debug(1, "PostgreSQL RealTime: Query Failed because: %s (%s)\n", PQresultErrorMessage(result), PQresStatus(result_status));
 ast_mutex_unlock(&pgsql_lock);
+ ast_free(buf1);
+ ast_free(buf2);
+ ast_free(sql);
 return -1;
 }
 }
 numrows = atoi(PQcmdTuples(result));
 ast_mutex_unlock(&pgsql_lock);
+ ast_free(buf1);
+ ast_free(buf2);
+ ast_free(sql);
 ast_debug(1, "PostgreSQL RealTime: Deleted %d rows on table: %s\n", numrows, table); |