[sr-dev] git:master:f83a695d: Revert "db_postgres: Fix heap use after free error in db_postgres module" (after some discussions)

Carsten Bock carsten at ng-voice.com
Thu Sep 17 16:29:38 CEST 2015 

Module: kamailio
Branch: master
Commit: f83a695d70cfd4aea09383e8e235d4184dc1521e
URL: https://github.com/kamailio/kamailio/commit/f83a695d70cfd4aea09383e8e235d4184dc1521e

Author: Carsten Bock <carsten at ng-voice.com>
Committer: Carsten Bock <carsten at ng-voice.com>
Date: 2015-09-17T16:28:59+02:00

Revert "db_postgres: Fix heap use after free error in db_postgres module" (after some discussions)

This reverts commit 74c84c7cd52347fcd1c90e75dca239b5f758169b.

---

Modified: modules/db_postgres/km_pg_con.c
Modified: modules/db_postgres/km_res.c

---

Diff:  https://github.com/kamailio/kamailio/commit/f83a695d70cfd4aea09383e8e235d4184dc1521e.diff
Patch: https://github.com/kamailio/kamailio/commit/f83a695d70cfd4aea09383e8e235d4184dc1521e.patch

---

diff --git a/modules/db_postgres/km_pg_con.c b/modules/db_postgres/km_pg_con.c
index d053c55..ec98add 100644
--- a/modules/db_postgres/km_pg_con.c
+++ b/modules/db_postgres/km_pg_con.c
@@ -71,6 +71,10 @@ struct pg_con* db_postgres_new_connection(struct db_id* id)
 	memset(ptr, 0, sizeof(struct pg_con));
 	ptr->ref = 1;
 
+	memset(keywords, 0, (sizeof(char*) * 10));
+	memset(values, 0, (sizeof(char*) * 10));
+	memset(to, 0, (sizeof(char) * 16));
+
 	if (id->port) {
 		ports = int2str(id->port, 0);
 		keywords[i] = "port";
diff --git a/modules/db_postgres/km_res.c b/modules/db_postgres/km_res.c
index 912206b..e9aa232 100644
--- a/modules/db_postgres/km_res.c
+++ b/modules/db_postgres/km_res.c
@@ -126,14 +126,8 @@ int db_postgres_get_columns(const db1_con_t* _h, db1_res_t* _r)
 				RES_NAMES(_r)[col]);
 
 		/* The pointer that is here returned is part of the result structure. */
-		RES_NAMES(_r)[col]->s = pkg_malloc(strlen(PQfname(CON_RESULT(_h), col))+1);
-		if (! RES_NAMES(_r)[col]->s) {
-			LM_ERR("no private memory left\n");
-			db_free_columns(_r);
-			return -4;
-		}
-		strcpy(RES_NAMES(_r)[col]->s, PQfname(CON_RESULT(_h), col));
-		RES_NAMES(_r)[col]->len = strlen(RES_NAMES(_r)[col]->s);
+		RES_NAMES(_r)[col]->s = PQfname(CON_RESULT(_h), col);
+		RES_NAMES(_r)[col]->len = strlen(PQfname(CON_RESULT(_h), col));
 
 		LM_DBG("RES_NAMES(%p)[%d]=[%.*s]\n", RES_NAMES(_r)[col], col,
 				RES_NAMES(_r)[col]->len, RES_NAMES(_r)[col]->s);

More information about the sr-dev mailing list