[sr-dev] git:master: mtree: safety checks for column types and values

Daniel-Constantin Mierla miconda at gmail.com
Tue Mar 18 17:12:25 CET 2014 

Module: sip-router
Branch: master
Commit: 6c0370b806aebcdd6c7c000536be3d9ae6154837
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=6c0370b806aebcdd6c7c000536be3d9ae6154837

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Tue Mar 18 17:10:56 2014 +0100

mtree: safety checks for column types and values

- following the report FS#412 by adeel

---

 modules/mtree/mtree_mod.c |   23 +++++++++++++++++------
 1 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/modules/mtree/mtree_mod.c b/modules/mtree/mtree_mod.c
index 1ef03c5..b6ed382 100644
--- a/modules/mtree/mtree_mod.c
+++ b/modules/mtree/mtree_mod.c
@@ -548,12 +548,11 @@ static int mt_load_db(m_tree_t *pt)
 		if(mt_dbf.fetch_result(db_con, &db_res, mt_fetch_rows)<0)
 		{
 			LM_ERR("Error while fetching result\n");
-			if (db_res)
-				mt_dbf.free_result(db_con, db_res);
 			goto error;
 		} else {
 			if(RES_ROW_N(db_res)==0)
 			{
+				mt_dbf.free_result(db_con, db_res);
 				return 0;
 			}
 		}
@@ -562,9 +561,9 @@ static int mt_load_db(m_tree_t *pt)
 						pt->multi, 2, 0, &db_res))!=0
 				|| RES_ROW_N(db_res)<=0 )
 		{
-			mt_dbf.free_result(db_con, db_res);
-			if( ret==0)
+			if(ret==0)
 			{
+				mt_dbf.free_result(db_con, db_res);
 				return 0;
 			} else {
 				goto error;
@@ -572,15 +571,27 @@ static int mt_load_db(m_tree_t *pt)
 		}
 	}
 
+	if(RES_ROW_N(db_res)>0)
+	{
+		if(RES_ROWS(db_res)[0].values[0].type != DB1_STRING
+				|| RES_ROWS(db_res)[0].values[1].type != DB1_STRING)
+		{
+			LM_ERR("wrond column types in db table (%d / %d)\n",
+					RES_ROWS(db_res)[0].values[0].type,
+					RES_ROWS(db_res)[0].values[1].type);
+			goto error;
+		}
+	}
+
 	do {
 		for(i=0; i<RES_ROW_N(db_res); i++)
 		{
 			/* check for NULL values ?!?! */
 			tprefix.s = (char*)(RES_ROWS(db_res)[i].values[0].val.string_val);
-			tprefix.len = strlen(tprefix.s);
+			tprefix.len = strlen(ZSW(tprefix.s));
 
 			tvalue.s = (char*)(RES_ROWS(db_res)[i].values[1].val.string_val);
-			tvalue.len = strlen(tvalue.s);
+			tvalue.len = strlen(ZSW(tvalue.s));
 
 			if(tprefix.s==NULL || tvalue.s==NULL
 					|| tprefix.len<=0 || tvalue.len<=0)

More information about the sr-dev mailing list