[sr-dev] git:master:f06e09b3: db_text: safety checks before memsets inside dbt_build_where()

Daniel-Constantin Mierla miconda at gmail.com
Fri Jul 28 10:45:56 CEST 2017 

Module: kamailio
Branch: master
Commit: f06e09b3a83f88678318f4aabeb6afdbf5a46ff0
URL: https://github.com/kamailio/kamailio/commit/f06e09b3a83f88678318f4aabeb6afdbf5a46ff0

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2017-07-28T10:45:07+02:00

db_text: safety checks before memsets inside dbt_build_where()

---

Modified: src/modules/db_text/dbt_raw_util.c

---

Diff:  https://github.com/kamailio/kamailio/commit/f06e09b3a83f88678318f4aabeb6afdbf5a46ff0.diff
Patch: https://github.com/kamailio/kamailio/commit/f06e09b3a83f88678318f4aabeb6afdbf5a46ff0.patch

---

diff --git a/src/modules/db_text/dbt_raw_util.c b/src/modules/db_text/dbt_raw_util.c
index 92b60287d6..f5cf756e25 100644
--- a/src/modules/db_text/dbt_raw_util.c
+++ b/src/modules/db_text/dbt_raw_util.c
@@ -183,13 +183,12 @@ int dbt_build_where(char* where, db_key_t** _k, db_op_t** _o, db_val_t** _v)
 	int offset = 0;
 	int idx = -1;
 	char int_buf[50];
+	int res;
 
 	*_k = NULL;
 	*_o = NULL;
 	*_v = NULL;
 
-	int res;
-
 	len = strlen(where);
 
 	res = regcomp(&preg, _regexp, REG_EXTENDED);
@@ -199,21 +198,21 @@ int dbt_build_where(char* where, db_key_t** _k, db_op_t** _o, db_val_t** _v)
 	}
 
 	_k1 = pkg_malloc(sizeof(db_key_t) * MAX_CLAUSES);
-	memset(_k1, 0, sizeof(db_key_t) * MAX_CLAUSES);
 	_o1 = pkg_malloc(sizeof(char*) * MAX_CLAUSES);
-	memset(_o1, 0, sizeof(db_op_t) * MAX_CLAUSES);
 	_v1 = pkg_malloc(sizeof(db_val_t) * MAX_CLAUSES);
-	memset(_v1, 0, sizeof(db_val_t) * MAX_CLAUSES);
-
 	matches = (regmatch_t*)pkg_malloc(sizeof(regmatch_t) * MAX_MATCH);
-	if(matches==NULL || _k1==NULL || _o1==NULL || _v1==NULL) {
+
+	if(_k1==NULL || _o1==NULL || _v1==NULL || matches==NULL) {
 		LM_ERR("error getting pkg memory\n");
-		pkg_free(_k1);
-		pkg_free(_o1);
-		pkg_free(_v1);
-		pkg_free(matches);
+		if(_k1) pkg_free(_k1);
+		if(_o1) pkg_free(_o1);
+		if(_v1) pkg_free(_v1);
+		if(matches) pkg_free(matches);
 		return -1;
 	}
+	memset(_k1, 0, sizeof(db_key_t) * MAX_CLAUSES);
+	memset(_o1, 0, sizeof(char*) * MAX_CLAUSES);
+	memset(_v1, 0, sizeof(db_val_t) * MAX_CLAUSES);
 
 	while(offset < len) {
 		char* buffer = where + offset;

More information about the sr-dev mailing list