diff options
author | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-08-10 19:20:57 +0000 |
---|---|---|
committer | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-08-10 19:20:57 +0000 |
commit | d1ec1aa57d296243d584ad268d8e61d7d1998569 (patch) | |
tree | 2596a6cb913ad8bd78e4670d298dc1d4682b2d23 /cel | |
parent | 4548c33d84f71a04a0416a26b9f0dea0ae061cc4 (diff) |
AST-2009-005
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@211539 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'cel')
-rw-r--r-- | cel/cel_adaptive_odbc.c | 20 | ||||
-rw-r--r-- | cel/cel_pgsql.c | 6 |
2 files changed, 13 insertions, 13 deletions
diff --git a/cel/cel_adaptive_odbc.c b/cel/cel_adaptive_odbc.c index 984f0590f..49a4fff6b 100644 --- a/cel/cel_adaptive_odbc.c +++ b/cel/cel_adaptive_odbc.c @@ -503,7 +503,7 @@ static void odbc_log(const struct ast_event *event, void *userdata) case SQL_TYPE_DATE: { int year = 0, month = 0, day = 0; - if (sscanf(colptr, "%d-%d-%d", &year, &month, &day) != 3 || year <= 0 || + if (sscanf(colptr, "%4d-%2d-%2d", &year, &month, &day) != 3 || year <= 0 || month <= 0 || month > 12 || day < 0 || day > 31 || ((month == 4 || month == 6 || month == 9 || month == 11) && day == 31) || (month == 2 && year % 400 == 0 && day > 29) || @@ -526,7 +526,7 @@ static void odbc_log(const struct ast_event *event, void *userdata) case SQL_TYPE_TIME: { int hour = 0, minute = 0, second = 0; - int count = sscanf(colptr, "%d:%d:%d", &hour, &minute, &second); + int count = sscanf(colptr, "%2d:%2d:%2d", &hour, &minute, &second); if ((count != 2 && count != 3) || hour < 0 || hour > 23 || minute < 0 || minute > 59 || second < 0 || second > 59) { ast_log(LOG_WARNING, "CEL variable %s is not a valid time ('%s').\n", entry->name, colptr); @@ -542,7 +542,7 @@ static void odbc_log(const struct ast_event *event, void *userdata) case SQL_TIMESTAMP: { int year = 0, month = 0, day = 0, hour = 0, minute = 0, second = 0; - int count = sscanf(colptr, "%d-%d-%d %d:%d:%d", &year, &month, &day, &hour, &minute, &second); + int count = sscanf(colptr, "%4d-%2d-%2d %2d:%2d:%2d", &year, &month, &day, &hour, &minute, &second); if ((count != 3 && count != 5 && count != 6) || year <= 0 || month <= 0 || month > 12 || day < 0 || day > 31 || @@ -570,7 +570,7 @@ static void odbc_log(const struct ast_event *event, void *userdata) int integer = 0; if (strcasecmp(entry->name, "eventtype") == 0) { integer = (int) record.event_type; - } else if (sscanf(colptr, "%d", &integer) != 1) { + } else if (sscanf(colptr, "%30d", &integer) != 1) { ast_log(LOG_WARNING, "CEL variable %s is not an integer.\n", entry->name); continue; } @@ -585,7 +585,7 @@ static void odbc_log(const struct ast_event *event, void *userdata) long long integer = 0; if (strcasecmp(entry->name, "eventtype") == 0) { integer = (long long) record.event_type; - } else if (sscanf(colptr, "%lld", &integer) != 1) { + } else if (sscanf(colptr, "%30lld", &integer) != 1) { ast_log(LOG_WARNING, "CEL variable %s is not an integer.\n", entry->name); continue; } @@ -600,7 +600,7 @@ static void odbc_log(const struct ast_event *event, void *userdata) short integer = 0; if (strcasecmp(entry->name, "eventtype") == 0) { integer = (short) record.event_type; - } else if (sscanf(colptr, "%hd", &integer) != 1) { + } else if (sscanf(colptr, "%30hd", &integer) != 1) { ast_log(LOG_WARNING, "CEL variable %s is not an integer.\n", entry->name); continue; } @@ -615,7 +615,7 @@ static void odbc_log(const struct ast_event *event, void *userdata) char integer = 0; if (strcasecmp(entry->name, "eventtype") == 0) { integer = (char) record.event_type; - } else if (sscanf(colptr, "%hhd", &integer) != 1) { + } else if (sscanf(colptr, "%30hhd", &integer) != 1) { ast_log(LOG_WARNING, "CEL variable %s is not an integer.\n", entry->name); continue; } @@ -630,7 +630,7 @@ static void odbc_log(const struct ast_event *event, void *userdata) char integer = 0; if (strcasecmp(entry->name, "eventtype") == 0) { integer = (char) record.event_type; - } else if (sscanf(colptr, "%hhd", &integer) != 1) { + } else if (sscanf(colptr, "%30hhd", &integer) != 1) { ast_log(LOG_WARNING, "CEL variable %s is not an integer.\n", entry->name); continue; } @@ -648,7 +648,7 @@ static void odbc_log(const struct ast_event *event, void *userdata) double number = 0.0; if (strcasecmp(entry->name, "eventtype") == 0) { number = (double)record.event_type; - } else if (sscanf(colptr, "%lf", &number) != 1) { + } else if (sscanf(colptr, "%30lf", &number) != 1) { ast_log(LOG_WARNING, "CEL variable %s is not an numeric type.\n", entry->name); continue; } @@ -665,7 +665,7 @@ static void odbc_log(const struct ast_event *event, void *userdata) double number = 0.0; if (strcasecmp(entry->name, "eventtype") == 0) { number = (double) record.event_type; - } else if (sscanf(colptr, "%lf", &number) != 1) { + } else if (sscanf(colptr, "%30lf", &number) != 1) { ast_log(LOG_WARNING, "CEL variable %s is not an numeric type.\n", entry->name); continue; } diff --git a/cel/cel_pgsql.c b/cel/cel_pgsql.c index 8b10261ee..8ca410449 100644 --- a/cel/cel_pgsql.c +++ b/cel/cel_pgsql.c @@ -244,7 +244,7 @@ static void pgsql_log(const struct ast_event *event, void *userdata) } if (strncmp(cur->type, "int", 3) == 0) { long long whatever; - if (value && sscanf(value, "%lld", &whatever) == 1) { + if (value && sscanf(value, "%30lld", &whatever) == 1) { LENGTHEN_BUF2(26); ast_str_append(&sql2, 0, "%s%lld", SEP, whatever); } else { @@ -253,7 +253,7 @@ static void pgsql_log(const struct ast_event *event, void *userdata) } } else if (strncmp(cur->type, "float", 5) == 0) { long double whatever; - if (value && sscanf(value, "%Lf", &whatever) == 1) { + if (value && sscanf(value, "%30Lf", &whatever) == 1) { LENGTHEN_BUF2(51); ast_str_append(&sql2, 0, "%s%30Lf", SEP, whatever); } else { @@ -493,7 +493,7 @@ static int process_my_load_module(struct ast_config *cfg) ast_verb(4, "Found column '%s' of type '%s'\n", fname, ftype); cur = ast_calloc(1, sizeof(*cur) + strlen(fname) + strlen(ftype) + 2); if (cur) { - sscanf(flen, "%d", &cur->len); + sscanf(flen, "%30d", &cur->len); cur->name = (char *)cur + sizeof(*cur); cur->type = (char *)cur + sizeof(*cur) + strlen(fname) + 1; strcpy(cur->name, fname); |