author | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-07-16 21:54:29 +0000 |
---|---|---|
committer | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-07-16 21:54:29 +0000 |
commit | ee699a2067fcdb943560b6ba9f2b74c5e32886b1 (patch) | |
tree | e168d3d3bf70d660a921ca773b6e8a634053e198 /res | |
parent | d627c0ec9e0a97e83fbd8cf2e389b4beb7258db9 (diff) |
Since we split values at the semicolon, we should store values with a semicolon as an encoded value.
(closes issue #17369)
Reported by: gkservice
Patches:
20100625__issue17369.diff.txt uploaded by tilghman (license 14)
Tested by: tilghman
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@277568 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'res')
-rw-r--r-- | res/res_config_odbc.c | 105 | ||||
-rw-r--r-- | res/res_config_pgsql.c | 59 |
2 files changed, 133 insertions, 31 deletions
diff --git a/res/res_config_odbc.c b/res/res_config_odbc.c index 5c3c1f669..b735c0cd9 100644 --- a/res/res_config_odbc.c +++ b/res/res_config_odbc.c @@ -1,7 +1,7 @@ /* * Asterisk -- An open source telephony toolkit. * - * Copyright (C) 1999 - 2005, Digium, Inc. + * Copyright (C) 1999 - 2010, Digium, Inc. * * Mark Spencer <markster@digium.com> * @@ -53,18 +53,33 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include "asterisk/options.h" #include "asterisk/res_odbc.h" #include "asterisk/utils.h" +#include "asterisk/stringfields.h" struct custom_prepare_struct { const char *sql; const char *extra; + AST_DECLARE_STRING_FIELDS( + AST_STRING_FIELD(encoding)[256]; + ); va_list ap; }; +static void decode_chunk(char *chunk) +{ + for (; *chunk; chunk++) { + if (*chunk == '^' && strchr("0123456789ABCDEFabcdef", chunk[1]) && strchr("0123456789ABCDEFabcdef", chunk[2])) { + sscanf(chunk + 1, "%02hhd", chunk); + memmove(chunk + 1, chunk + 3, strlen(chunk + 3) + 1); + } + } +} + static SQLHSTMT custom_prepare(struct odbc_obj *obj, void *data) { int res, x = 1; struct custom_prepare_struct *cps = data; const char *newparam, *newval; + char encodebuf[1024]; SQLHSTMT stmt; va_list ap; 
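Review bot: `decode_chunk()` in the `@@ -53,18 +53,33 @@` hunk converts the two digits with `%02hhd`, a decimal conversion, although the encoder writes them with `%02hhX`; `^3B` stops at `B` and yields byte 3 instead of `;`, and `^5E` yields 5 instead of `^`. The digit test also accepts the terminator, because `strchr()` matches the search string's own NUL, so a chunk ending in `^` or `^3` makes `memmove(chunk + 1, chunk + 3, ...)` start past the end of the string, and the chunk comes from a database column. I would write the guard as `if (*chunk == '^' && chunk[1] && strchr("0123456789ABCDEFabcdef", chunk[1]) && chunk[2] && strchr("0123456789ABCDEFabcdef", chunk[2])) {` and the conversion as `sscanf(chunk + 1, "%2hhx", (unsigned char *) chunk);`. The same function is copied into res/res_config_pgsql.c in the `@@ -76,11 +76,42 @@` hunk and needs the same two changes.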
@@ -85,6 +100,27 @@ static SQLHSTMT custom_prepare(struct odbc_obj *obj, void *data) while ((newparam = va_arg(ap, const char *))) { newval = va_arg(ap, const char *); + if (strchr(newval, ';') || strchr(newval, '^')) { + char *eptr = encodebuf; + const char *vptr = newval; + for (; *vptr && eptr < encodebuf + sizeof(encodebuf); vptr++) { + if (strchr("^;", *vptr)) { + /* We use ^XX, instead of %XX because '%' is a special character in SQL */ + snprintf(eptr, encodebuf + sizeof(encodebuf) - eptr, "^%02hhX", *vptr); + eptr += 3; + vptr++; + } else { + *eptr++ = *vptr++; + } + } + if (eptr < encodebuf + sizeof(encodebuf)) { + *eptr = '\0'; + } else { + encodebuf[sizeof(encodebuf) - 1] = '\0'; + } + ast_string_field_set(cps, encoding[x], encodebuf); + newval = cps->encoding[x]; + } SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(newval), 0, (void *)newval, 0, NULL); } va_end(ap); @@ -118,22 +154,29 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl va_list aq; struct custom_prepare_struct cps = { .sql = sql }; + if (ast_string_field_init(&cps, 256)) { + return NULL; + } va_copy(cps.ap, ap); va_copy(aq, ap); - if (!table) + if (!table) { + ast_string_field_free_memory(&cps); return NULL; + } obj = ast_odbc_request_obj(database, 0); if (!obj) { ast_log(LOG_ERROR, "No database handle available with the name of '%s' (check res_odbc.conf)\n", database); + ast_string_field_free_memory(&cps); return NULL; } newparam = va_arg(aq, const char *); if (!newparam) { ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return NULL; } newval = va_arg(aq, const char *); @@ -152,6 +195,7 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl if (!stmt) { ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return NULL; } 
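Review bot: The encode loop added to `custom_prepare()` advances `vptr` twice per iteration, once in each branch (`vptr++;`, `*eptr++ = *vptr++;`) and again in the `for` header, so every second character of the value is dropped and a value of odd length steps over its terminating NUL and keeps reading. In the escape branch `eptr += 3` is applied even when fewer than four bytes are left, which moves `eptr` beyond `encodebuf` and can leave a partial `^X` at the end of the stored value. Values that do not fit in the 1024-byte `encodebuf` are cut off without a log message, and `x` indexes `encoding[x]` with no visible check against the 256 declared slots. The rewrite below advances `vptr` only in the loop header and stops before a triplet that would not fit; the enclosing `while` loop continues outside the hunk.

```c
	if (strchr(newval, ';') || strchr(newval, '^')) {
		char *eptr = encodebuf;
		const char *vptr = newval;
		/* Last writable position; always leaves room for the terminator */
		const char *eend = encodebuf + sizeof(encodebuf) - 1;
		for (; *vptr && eptr < eend; vptr++) {
			if (*vptr == ';' || *vptr == '^') {
				if (eend - eptr < 3) {
					/* No room for a whole ^XX triplet; never store a partial one */
					break;
				}
				/* We use ^XX, instead of %XX because '%' is a special character in SQL */
				snprintf(eptr, 4, "^%02hhX", *vptr);
				eptr += 3;
			} else {
				*eptr++ = *vptr;
			}
		}
		*eptr = '\0';
		/* … unchanged: ast_string_field_set() and the newval reassignment … */
	}
```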
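Review bot: In the `@@ -118,22 +154,29 @@` hunk `realtime_odbc()` still tests `!table` after both `va_copy()` calls, so that exit returns without a matching `va_end()` and needs its own `ast_string_field_free_memory(&cps);`. The `realtime_multi_odbc()` and `update_odbc()` hunks of this commit fold the test into the init check ahead of the copies, and the same form works here: `if (!table || ast_string_field_init(&cps, 256)) { return NULL; }`. The function body continues outside the hunk.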
@@ -160,6 +204,7 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl ast_log(LOG_WARNING, "SQL Column Count error!\n[%s]\n\n", sql); SQLFreeHandle (SQL_HANDLE_STMT, stmt); ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return NULL; } @@ -167,12 +212,14 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl if (res == SQL_NO_DATA) { SQLFreeHandle (SQL_HANDLE_STMT, stmt); ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return NULL; } if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) { ast_log(LOG_WARNING, "SQL Fetch error!\n[%s]\n\n", sql); SQLFreeHandle (SQL_HANDLE_STMT, stmt); ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return NULL; } for (x = 0; x < colcount; x++) { @@ -185,6 +232,7 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl if (var) ast_variables_destroy(var); ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return NULL; } @@ -201,15 +249,20 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl return NULL; } stringp = rowdata; - while(stringp) { + while (stringp) { chunk = strsep(&stringp, ";"); if (!ast_strlen_zero(ast_strip(chunk))) { + if (strchr(chunk, '^')) { + decode_chunk(chunk); + } if (prev) { prev->next = ast_variable_new(coltitle, chunk); - if (prev->next) + if (prev->next) { prev = prev->next; - } else + } + } else { prev = var = ast_variable_new(coltitle, chunk); + } } } } @@ -217,6 +270,7 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl SQLFreeHandle(SQL_HANDLE_STMT, stmt); ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return var; } 
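Review bot: The `return NULL;` shown as the first context line of the `@@ -201,15 +249,20 @@` hunk gets no `ast_string_field_free_memory(&cps);`, unlike every other exit of `realtime_odbc()` touched by this commit. The lines leading up to it lie outside the hunks and are unchanged, so this path appears to leak the string-field pool allocated at the top of the function; I would add `ast_string_field_free_memory(&cps);` in front of that return. With this many exits, a single cleanup label reached by `goto` that frees `cps` and releases the statement handle and `obj` would keep the release calls from drifting apart again.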
@@ -248,20 +302,24 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char * struct custom_prepare_struct cps = { .sql = sql }; va_list aq; + if (!table || ast_string_field_init(&cps, 256)) { + return NULL; + } va_copy(cps.ap, ap); va_copy(aq, ap); - if (!table) - return NULL; memset(&ra, 0, sizeof(ra)); obj = ast_odbc_request_obj(database, 0); - if (!obj) + if (!obj) { + ast_string_field_free_memory(&cps); return NULL; + } newparam = va_arg(aq, const char *); if (!newparam) { ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return NULL; } initfield = ast_strdupa(newparam); @@ -285,6 +343,7 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char * if (!stmt) { ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return NULL; } @@ -293,6 +352,7 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char * ast_log(LOG_WARNING, "SQL Column Count error!\n[%s]\n\n", sql); SQLFreeHandle(SQL_HANDLE_STMT, stmt); ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return NULL; } @@ -301,6 +361,7 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char * ast_log(LOG_WARNING, "Out of memory!\n"); SQLFreeHandle(SQL_HANDLE_STMT, stmt); ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return NULL; } @@ -337,11 +398,15 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char * continue; } stringp = rowdata; - while(stringp) { + while (stringp) { chunk = strsep(&stringp, ";"); if (!ast_strlen_zero(ast_strip(chunk))) { - if (initfield && !strcmp(initfield, coltitle)) + if (strchr(chunk, '^')) { + decode_chunk(chunk); + } + if (initfield && !strcmp(initfield, coltitle)) { ast_category_rename(cat, chunk); + } var = ast_variable_new(coltitle, chunk); ast_variable_append(cat, var); } 
@@ -352,6 +417,7 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char * SQLFreeHandle(SQL_HANDLE_STMT, stmt); ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return cfg; } @@ -366,19 +432,21 @@ static int update_odbc(const char *database, const char *table, const char *keyf va_list aq; struct custom_prepare_struct cps = { .sql = sql, .extra = lookup }; + if (!table || ast_string_field_init(&cps, 256)) { + return -1; + } va_copy(cps.ap, ap); va_copy(aq, ap); - - if (!table) - return -1; - obj = ast_odbc_request_obj(database, 0); - if (!obj) + if (!(obj = ast_odbc_request_obj(database, 0))) { + ast_string_field_free_memory(&cps); return -1; + } newparam = va_arg(aq, const char *); if (!newparam) { ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return -1; } newval = va_arg(aq, const char *); @@ -394,20 +462,23 @@ static int update_odbc(const char *database, const char *table, const char *keyf if (!stmt) { ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); return -1; } res = SQLRowCount(stmt, &rowcount); SQLFreeHandle (SQL_HANDLE_STMT, stmt); ast_odbc_release_obj(obj); + ast_string_field_free_memory(&cps); if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) { ast_log(LOG_WARNING, "SQL Row Count error!\n[%s]\n\n", sql); return -1; } - if (rowcount >= 0) - return (int)rowcount; + if (rowcount >= 0) { + return (int) rowcount; + } return -1; } diff --git a/res/res_config_pgsql.c b/res/res_config_pgsql.c index 26bb1c0d0..f6cd7250b 100644 --- a/res/res_config_pgsql.c +++ b/res/res_config_pgsql.c @@ -1,8 +1,8 @@ /* * Asterisk -- A telephony toolkit for Linux. * - * Copyright (C) 1999-2005, Digium, Inc. - * + * Copyright (C) 1999-2010, Digium, Inc. + * * Manuel Guesdon <mguesdon@oxymium.net> - Postgresql RealTime Driver Author/Adaptor * Mark Spencer <markster@digium.com> - Asterisk Author * Matthew Boehm <mboehm@cytelcom.com> - MySQL RealTime Driver Author 
@@ -76,11 +76,42 @@ static struct ast_cli_entry cli_realtime[] = { cli_realtime_pgsql_status_usage }, }; +static char *encode_chunk(const char *chunk, char *buf, size_t len) +{ + char *cptr = buf; + for (; *chunk && cptr < buf + len; chunk++) { + if (strchr(";^", *chunk)) { + snprintf(cptr, buf + len - cptr, "^%02hhX", *chunk); + cptr += 3; + } else { + *cptr++ = *chunk; + } + } + if (cptr < buf + len) { + *cptr = '\0'; + } else { + buf[len - 1] = '\0'; + } + return buf; +} + +static char *decode_chunk(char *chunk) +{ + char *orig = chunk; + for (; *chunk; chunk++) { + if (*chunk == '^' && strchr("0123456789ABCDEFabcdef", chunk[1]) && strchr("0123456789ABCDEFabcdef", chunk[2])) { + sscanf(chunk + 1, "%02hhd", chunk); + memmove(chunk + 1, chunk + 3, strlen(chunk + 3) + 1); + } + } + return orig; +} + static struct ast_variable *realtime_pgsql(const char *database, const char *table, va_list ap) { PGresult *result = NULL; int num_rows = 0, pgerror; - char sql[256], escapebuf[513]; + char sql[256], escapebuf[2049], semibuf[1024]; char *stringp; char *chunk; char *op; @@ -109,7 +140,7 @@ static struct ast_variable *realtime_pgsql(const char *database, const char *tab If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */ op = strchr(newparam, ' ') ? "" : " ="; - PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + PQescapeStringConn(pgsqlConn, escapebuf, encode_chunk(newval, semibuf, sizeof(semibuf)), (sizeof(escapebuf) - 1) / 2, &pgerror); if (pgerror) { ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); va_end(ap); 
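Review bot: `encode_chunk()` in the `@@ -76,11 +76,42 @@` hunk adds 3 to `cptr` even when `snprintf()` had fewer than four bytes to write into, so `cptr` can end up beyond `buf + len` and the result can end in a partial `^` or `^X`. A guard ahead of the `snprintf()` call avoids both: `if (buf + len - cptr < 4) { break; }`. Input that does not fit in `len` is cut off silently, so each `PQescapeStringConn()` call in this file that now passes `encode_chunk(newval, semibuf, sizeof(semibuf))` builds its query from a shortened value while the error log still prints the original `newval`; a warning on truncation, or rejecting the value, would make that visible. The function also writes `buf[len - 1]` without checking that `len` is non-zero.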
@@ -125,7 +156,7 @@ static struct ast_variable *realtime_pgsql(const char *database, const char *tab else op = ""; - PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + PQescapeStringConn(pgsqlConn, escapebuf, encode_chunk(newval, semibuf, sizeof(semibuf)), (sizeof(escapebuf) - 1) / 2, &pgerror); if (pgerror) { ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); va_end(ap); @@ -167,7 +198,7 @@ static struct ast_variable *realtime_pgsql(const char *database, const char *tab } } - ast_log(LOG_DEBUG, "1Postgresql RealTime: Result=%p Query: %s\n", result, sql); + ast_log(LOG_DEBUG, "Postgresql RealTime: Result=%p Query: %s\n", result, sql); if ((num_rows = PQntuples(result)) > 0) { int i = 0; @@ -189,7 +220,7 @@ static struct ast_variable *realtime_pgsql(const char *database, const char *tab stringp = PQgetvalue(result, rowIndex, i); while (stringp) { chunk = strsep(&stringp, ";"); - if (chunk && !ast_strlen_zero(ast_strip(chunk))) { + if (chunk && !ast_strlen_zero(decode_chunk(ast_strip(chunk)))) { if (prev) { prev->next = ast_variable_new(fieldnames[i], chunk); if (prev->next) { @@ -217,7 +248,7 @@ static struct ast_config *realtime_multi_pgsql(const char *database, const char { PGresult *result = NULL; int num_rows = 0, pgerror; - char sql[256], escapebuf[513]; + char sql[256], escapebuf[2049], semibuf[1024]; const char *initfield = NULL; char *stringp; char *chunk; @@ -264,7 +295,7 @@ static struct ast_config *realtime_multi_pgsql(const char *database, const char else op = ""; - PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + PQescapeStringConn(pgsqlConn, escapebuf, encode_chunk(newval, semibuf, sizeof(semibuf)), (sizeof(escapebuf) - 1) / 2, &pgerror); if (pgerror) { ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); va_end(ap); 
@@ -280,7 +311,7 @@ static struct ast_config *realtime_multi_pgsql(const char *database, const char else op = ""; - PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + PQescapeStringConn(pgsqlConn, escapebuf, encode_chunk(newval, semibuf, sizeof(semibuf)), (sizeof(escapebuf) - 1) / 2, &pgerror); if (pgerror) { ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); va_end(ap); @@ -353,7 +384,7 @@ static struct ast_config *realtime_multi_pgsql(const char *database, const char stringp = PQgetvalue(result, rowIndex, i); while (stringp) { chunk = strsep(&stringp, ";"); - if (chunk && !ast_strlen_zero(ast_strip(chunk))) { + if (chunk && !ast_strlen_zero(decode_chunk(ast_strip(chunk)))) { if (initfield && !strcmp(initfield, fieldnames[i])) { ast_category_rename(cat, chunk); } @@ -381,7 +412,7 @@ static int update_pgsql(const char *database, const char *table, const char *key { PGresult *result = NULL; int numrows = 0, pgerror; - char sql[256], escapebuf[513]; + char sql[256], escapebuf[2049], semibuf[1024]; const char *newparam, *newval; if (!table) { @@ -405,7 +436,7 @@ static int update_pgsql(const char *database, const char *table, const char *key /* Create the first part of the query using the first parameter/value pairs we just extracted If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */ - PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + PQescapeStringConn(pgsqlConn, escapebuf, encode_chunk(newval, semibuf, sizeof(semibuf)), (sizeof(escapebuf) - 1) / 2, &pgerror); if (pgerror) { ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); va_end(ap); 
@@ -416,7 +447,7 @@ static int update_pgsql(const char *database, const char *table, const char *key while ((newparam = va_arg(ap, const char *))) { newval = va_arg(ap, const char *); - PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) - 1) / 2, &pgerror); + PQescapeStringConn(pgsqlConn, escapebuf, encode_chunk(newval, semibuf, sizeof(semibuf)), (sizeof(escapebuf) - 1) / 2, &pgerror); if (pgerror) { ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n", newval); va_end(ap); |