[sr-dev] git:master: xcap_server: check xml document validity for db interaction

Daniel-Constantin Mierla miconda at gmail.com
Tue Sep 13 18:58:42 CEST 2011


Module: sip-router
Branch: master
Commit: b111f84d6afc3cfe1b4906771e0d406e377f2e31
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b111f84d6afc3cfe1b4906771e0d406e377f2e31

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Tue Sep 13 18:56:54 2011 +0200

xcap_server: check xml document validity for db interaction

- check if xcap doc is xml valid before inserting in db as well as when
  retrieving from db
- better safety check for retrieval of etag value from database record
- reported and intial patch by Laura Testi

---

 modules_k/xcap_server/xcap_misc.c   |   20 ++++++++++++++++++++
 modules_k/xcap_server/xcap_misc.h   |    1 +
 modules_k/xcap_server/xcap_server.c |   21 +++++++++++++++++----
 3 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/modules_k/xcap_server/xcap_misc.c b/modules_k/xcap_server/xcap_misc.c
index f8a0228..0a0b559 100644
--- a/modules_k/xcap_server/xcap_misc.c
+++ b/modules_k/xcap_server/xcap_misc.c
@@ -665,6 +665,26 @@ error:
 }
 
 /**
+ * check if provided XML doc is valid
+ * - return -1 if document is invalid or 0 if document is valid
+ */
+int xcaps_check_doc_validity(str *doc)
+{
+
+	xmlDocPtr docxml = NULL;
+
+	if(doc==NULL || doc->s==NULL || doc->len<0)
+		return -1;
+
+	docxml = xmlParseMemory(doc->s, doc->len);
+	if(docxml==NULL)
+		return -1;
+	xmlFreeDoc(docxml);
+	return 0;
+}
+
+
+/**
  * xcapuri PV export
  */
 typedef struct _pv_xcap_uri {
diff --git a/modules_k/xcap_server/xcap_misc.h b/modules_k/xcap_server/xcap_misc.h
index 4fcd3d1..05476ba 100644
--- a/modules_k/xcap_server/xcap_misc.h
+++ b/modules_k/xcap_server/xcap_misc.h
@@ -53,6 +53,7 @@ typedef struct xcap_uri {
 int xcap_parse_uri(str *huri, str *xroot, xcap_uri_t *xuri);
 int xcaps_xpath_set(str *inbuf, str *xpaths, str *val, str *outbuf);
 int xcaps_xpath_get(str *inbuf, str *xpaths, str *outbuf);
+int xcaps_check_doc_validity(str *doc);
 
 int pv_get_xcap_uri(struct sip_msg *msg,  pv_param_t *param,
 		pv_value_t *res);
diff --git a/modules_k/xcap_server/xcap_server.c b/modules_k/xcap_server/xcap_server.c
index be98fb4..33f5629 100644
--- a/modules_k/xcap_server/xcap_server.c
+++ b/modules_k/xcap_server/xcap_server.c
@@ -335,6 +335,11 @@ static int xcaps_put_db(str* user, str *domain, xcap_uri_t *xuri, str *etag,
 	db_val_t qvals[9];
 	int ncols = 0;
 
+	if(xcaps_check_doc_validity(doc)<0)
+	{
+		LM_ERR("invalid xml doc to insert in database\n");
+		goto error;
+	}
 
 	/* insert in xcap table*/
 	qcols[ncols] = &str_username_col;
@@ -680,6 +685,12 @@ static int xcaps_get_db_doc(str* user, str *domain, xcap_uri_t *xuri, str *doc)
 	memcpy(doc->s, s.s, s.len);
 	doc->s[doc->len] = '\0';
 
+	if(xcaps_check_doc_validity(doc)<0)
+	{
+		LM_ERR("invalid xml doc retrieved from database\n");
+		goto error;
+	}
+
 	xcaps_dbf.free_result(xcaps_db, db_res);
 	return 0;
 
@@ -694,6 +705,8 @@ error:
 }
 
 /**
+ * get the etag from database record for (user at domain, xuri)
+ * - return: -1 error; 0 - found; 1 - not found
  *
  */
 static int xcaps_get_db_etag(str* user, str *domain, xcap_uri_t *xuri, str *etag)
@@ -970,9 +983,9 @@ static int w_xcaps_del(sip_msg_t* msg, char* puri, char* ppath)
 	str uri;
 	str path;
 	xcap_uri_t xuri;
-	str body;
-	str etag_hdr;
-	str etag;
+	str body = {0, 0};
+	str etag_hdr = {0, 0};
+	str etag = {0, 0};
 	str tbuf;
 
 	if(puri==0 || ppath==0)
@@ -1016,7 +1029,7 @@ static int w_xcaps_del(sip_msg_t* msg, char* puri, char* ppath)
 		goto error;
 	}
 
-	if(xcaps_get_db_etag(&turi.user, &turi.host, &xuri, &etag)<0)
+	if(xcaps_get_db_etag(&turi.user, &turi.host, &xuri, &etag)!=0)
 	{ 
 		LM_ERR("could not fetch etag for xcap document\n");
 		goto error;




More information about the sr-dev mailing list