[sr-dev] git:master: xcap_server: check xml document validity for db interaction
Daniel-Constantin Mierla
miconda at gmail.com
Tue Sep 13 18:58:42 CEST 2011
Module: sip-router
Branch: master
Commit: b111f84d6afc3cfe1b4906771e0d406e377f2e31
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b111f84d6afc3cfe1b4906771e0d406e377f2e31
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: Tue Sep 13 18:56:54 2011 +0200
xcap_server: check xml document validity for db interaction
- check if xcap doc is xml valid before inserting in db as well as when
retrieving from db
- better safety check for retrieval of etag value from database record
- reported and intial patch by Laura Testi
---
modules_k/xcap_server/xcap_misc.c | 20 ++++++++++++++++++++
modules_k/xcap_server/xcap_misc.h | 1 +
modules_k/xcap_server/xcap_server.c | 21 +++++++++++++++++----
3 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/modules_k/xcap_server/xcap_misc.c b/modules_k/xcap_server/xcap_misc.c
index f8a0228..0a0b559 100644
--- a/modules_k/xcap_server/xcap_misc.c
+++ b/modules_k/xcap_server/xcap_misc.c
@@ -665,6 +665,26 @@ error:
}
/**
+ * check if provided XML doc is valid
+ * - return -1 if document is invalid or 0 if document is valid
+ */
+int xcaps_check_doc_validity(str *doc)
+{
+
+ xmlDocPtr docxml = NULL;
+
+ if(doc==NULL || doc->s==NULL || doc->len<0)
+ return -1;
+
+ docxml = xmlParseMemory(doc->s, doc->len);
+ if(docxml==NULL)
+ return -1;
+ xmlFreeDoc(docxml);
+ return 0;
+}
+
+
+/**
* xcapuri PV export
*/
typedef struct _pv_xcap_uri {
diff --git a/modules_k/xcap_server/xcap_misc.h b/modules_k/xcap_server/xcap_misc.h
index 4fcd3d1..05476ba 100644
--- a/modules_k/xcap_server/xcap_misc.h
+++ b/modules_k/xcap_server/xcap_misc.h
@@ -53,6 +53,7 @@ typedef struct xcap_uri {
int xcap_parse_uri(str *huri, str *xroot, xcap_uri_t *xuri);
int xcaps_xpath_set(str *inbuf, str *xpaths, str *val, str *outbuf);
int xcaps_xpath_get(str *inbuf, str *xpaths, str *outbuf);
+int xcaps_check_doc_validity(str *doc);
int pv_get_xcap_uri(struct sip_msg *msg, pv_param_t *param,
pv_value_t *res);
diff --git a/modules_k/xcap_server/xcap_server.c b/modules_k/xcap_server/xcap_server.c
index be98fb4..33f5629 100644
--- a/modules_k/xcap_server/xcap_server.c
+++ b/modules_k/xcap_server/xcap_server.c
@@ -335,6 +335,11 @@ static int xcaps_put_db(str* user, str *domain, xcap_uri_t *xuri, str *etag,
db_val_t qvals[9];
int ncols = 0;
+ if(xcaps_check_doc_validity(doc)<0)
+ {
+ LM_ERR("invalid xml doc to insert in database\n");
+ goto error;
+ }
/* insert in xcap table*/
qcols[ncols] = &str_username_col;
@@ -680,6 +685,12 @@ static int xcaps_get_db_doc(str* user, str *domain, xcap_uri_t *xuri, str *doc)
memcpy(doc->s, s.s, s.len);
doc->s[doc->len] = '\0';
+ if(xcaps_check_doc_validity(doc)<0)
+ {
+ LM_ERR("invalid xml doc retrieved from database\n");
+ goto error;
+ }
+
xcaps_dbf.free_result(xcaps_db, db_res);
return 0;
@@ -694,6 +705,8 @@ error:
}
/**
+ * get the etag from database record for (user at domain, xuri)
+ * - return: -1 error; 0 - found; 1 - not found
*
*/
static int xcaps_get_db_etag(str* user, str *domain, xcap_uri_t *xuri, str *etag)
@@ -970,9 +983,9 @@ static int w_xcaps_del(sip_msg_t* msg, char* puri, char* ppath)
str uri;
str path;
xcap_uri_t xuri;
- str body;
- str etag_hdr;
- str etag;
+ str body = {0, 0};
+ str etag_hdr = {0, 0};
+ str etag = {0, 0};
str tbuf;
if(puri==0 || ppath==0)
@@ -1016,7 +1029,7 @@ static int w_xcaps_del(sip_msg_t* msg, char* puri, char* ppath)
goto error;
}
- if(xcaps_get_db_etag(&turi.user, &turi.host, &xuri, &etag)<0)
+ if(xcaps_get_db_etag(&turi.user, &turi.host, &xuri, &etag)!=0)
{
LM_ERR("could not fetch etag for xcap document\n");
goto error;
More information about the sr-dev
mailing list