author | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2007-11-29 19:24:11 +0000 |
---|---|---|
committer | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2007-11-29 19:24:11 +0000 |
commit | 6cd13b68df9bd785d32052aa36c1ee4a0d73ff1f (patch) | |
tree | b8a42783d6edd03bffc52e486085ecc9f7ee0912 /res/res_config_pgsql.c | |
parent | 8417f20fe68be3b186eedbaffd3e5462f5153111 (diff) |
Properly escape input buffers (Fixes AST-2007-025)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@90160 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'res/res_config_pgsql.c')
-rw-r--r-- | res/res_config_pgsql.c | 79 |
1 files changed, 66 insertions, 13 deletions
diff --git a/res/res_config_pgsql.c b/res/res_config_pgsql.c index 212e1b270..4d0f16c2c 100644 --- a/res/res_config_pgsql.c +++ b/res/res_config_pgsql.c @@ -79,8 +79,8 @@ static struct ast_cli_entry cli_realtime[] = { static struct ast_variable *realtime_pgsql(const char *database, const char *table, va_list ap) { PGresult *result = NULL; - int num_rows = 0; - char sql[256]; + int num_rows = 0, pgerror; + char sql[256], escapebuf[513]; char *stringp; char *chunk; char *op; @@ -109,16 +109,31 @@ static struct ast_variable *realtime_pgsql(const char *database, const char *tab If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */ op = strchr(newparam, ' ') ? "" : " ="; + PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + if (pgerror) { + ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); + va_end(ap); + return NULL; + } + snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, - newval); + escapebuf); while ((newparam = va_arg(ap, const char *))) { newval = va_arg(ap, const char *); if (!strchr(newparam, ' ')) op = " ="; else op = ""; + + PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + if (pgerror) { + ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); + va_end(ap); + return NULL; + } + snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s '%s'", newparam, - op, newval); + op, escapebuf); } va_end(ap); @@ -202,8 +217,8 @@ static struct ast_variable *realtime_pgsql(const char *database, const char *tab static struct ast_config *realtime_multi_pgsql(const char *database, const char *table, va_list ap) { PGresult *result = NULL; - int num_rows = 0; - char sql[256]; + int num_rows = 0, pgerror; + char sql[256], escapebuf[513]; const char *initfield = NULL; char *stringp; char *chunk; 
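Review bot: The new `escapebuf[513]` in the `-79,8` hunk is sized by a bare literal, and its relation to the `(sizeof(escapebuf) - 1) / 2` length argument used further down is not stated anywhere. A comment next to the declaration such as `/* 2 * 256 input bytes + NUL: worst case for PQescapeStringConn */` would keep the two in step. The same declaration is added in realtime_multi_pgsql (`-202,8`) and update_pgsql (`-351,8`). The function bodies continue outside these hunks.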
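Review bot: `sql` stays at 256 bytes while `escapebuf` can now hold up to 512, and neither `snprintf` in the `-109,16` hunk has its return value checked, so a long value still truncates the statement silently. Truncation can end the query in the middle of a literal or of an escaped quote pair, and in update_pgsql (`-376,15`) it can cut off the trailing `WHERE` clause; the `-250,16` hunk has the same pattern. Store each result and fail on overflow, e.g. `n = snprintf(sql, sizeof(sql), ...);` followed by `if (n < 0 || (size_t)n >= sizeof(sql)) { va_end(ap); return NULL; }`, or build the query in a dynamically sized buffer. realtime_pgsql's body continues outside the hunk.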
@@ -250,16 +265,31 @@ static struct ast_config *realtime_multi_pgsql(const char *database, const char else op = ""; + PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + if (pgerror) { + ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); + va_end(ap); + return NULL; + } + snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, - newval); + escapebuf); while ((newparam = va_arg(ap, const char *))) { newval = va_arg(ap, const char *); if (!strchr(newparam, ' ')) op = " ="; else op = ""; + + PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + if (pgerror) { + ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); + va_end(ap); + return NULL; + } + snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s '%s'", newparam, - op, newval); + op, escapebuf); } if (initfield) { @@ -351,8 +381,8 @@ static int update_pgsql(const char *database, const char *table, const char *key const char *lookup, va_list ap) { PGresult *result = NULL; - int numrows = 0; - char sql[256]; + int numrows = 0, pgerror; + char sql[256], escapebuf[513]; const char *newparam, *newval; if (!table) { 
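Review bot: Each `PQescapeStringConn` call in the `-250,16` hunk passes `(sizeof(escapebuf) - 1) / 2` as the input length, so a value longer than 256 bytes is escaped only up to that point and the query is built from a shortened value with no error reported. The same holds for all seven call sites in this commit. The escape, check and log block is also copied verbatim at each site, which invites drift between them. A small static helper that rejects over-long input and escapes in one place would cover both. Separately, `pgsqlConn` is used here before any connection check visible in the hunk, which is worth confirming against the rest of realtime_multi_pgsql, since the body continues outside the hunk.

```c
/* Escape one value for use inside a single-quoted SQL literal.
 * Returns 0 on success, -1 if the value is too long for dst or libpq rejects it. */
static int pgsql_escape_value(char *dst, size_t dstlen, const char *src)
{
	int pgerror = 0;
	size_t maxlen = (dstlen - 1) / 2;

	if (strlen(src) > maxlen) {
		ast_log(LOG_ERROR, "Postgres input value too long (limit %lu bytes)\n", (unsigned long) maxlen);
		return -1;
	}
	PQescapeStringConn(pgsqlConn, dst, src, maxlen, &pgerror);
	if (pgerror) {
		ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", src);
		return -1;
	}
	return 0;
}

/* ... unchanged: op selection for the first parameter ... */
	if (pgsql_escape_value(escapebuf, sizeof(escapebuf), newval)) {
		va_end(ap);
		return NULL;
	}
```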
@@ -376,15 +406,38 @@ static int update_pgsql(const char *database, const char *table, const char *key /* Create the first part of the query using the first parameter/value pairs we just extracted If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */ - snprintf(sql, sizeof(sql), "UPDATE %s SET %s = '%s'", table, newparam, newval); + PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + if (pgerror) { + ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); + va_end(ap); + return -1; + } + snprintf(sql, sizeof(sql), "UPDATE %s SET %s = '%s'", table, newparam, escapebuf); + while ((newparam = va_arg(ap, const char *))) { newval = va_arg(ap, const char *); + + PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + if (pgerror) { + ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); + va_end(ap); + return -1; + } + snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), ", %s = '%s'", newparam, - newval); + escapebuf); } va_end(ap); + + PQescapeStringConn(pgsqlConn, escapebuf, lookup, (sizeof(escapebuf) - 1) / 2, &pgerror); + if (pgerror) { + ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", lookup); + va_end(ap); + return -1; + } + snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " WHERE %s = '%s'", keyfield, - lookup); + escapebuf); ast_log(LOG_DEBUG, "Postgresql RealTime: Update SQL: %s\n", sql); |
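Review bot: On the `lookup` error path in the `-376,15` hunk `va_end(ap)` runs a second time, because the unchanged `va_end(ap);` just above the new `PQescapeStringConn(..., lookup, ...)` call has already ended the list. Calling `va_end` twice on the same `va_list` is undefined behaviour. Drop the call from that branch so it reads `if (pgerror) { ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", lookup); return -1; }`. The rejected value is also written to the log verbatim at every error site, so any control characters in it reach the log unfiltered. update_pgsql's body continues outside the hunk.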