[sr-dev] git:master:53e1326f: sqlops: Add NULL parameter check to C/KEMI API functions

Hugh Waite hughw273 at gmail.com
Sat Mar 3 19:03:32 CET 2018


Module: kamailio
Branch: master
Commit: 53e1326f25e57491343a86a52b7ddf7919acce12
URL: https://github.com/kamailio/kamailio/commit/53e1326f25e57491343a86a52b7ddf7919acce12

Author: Hugh Waite <hughw273 at gmail.com>
Committer: Hugh Waite <hughw273 at gmail.com>
Date: 2018-03-01T22:54:18Z

sqlops: Add NULL parameter check to C/KEMI API functions

- Check for NULL string parameters to prevent crashes
  sqlops_do_query, sqlops_get_value, sqlops_is_null, sqlops_get_column, sqlops_reset_result, sqlops_num_rows, sqlops_num_columns, sqlops_do_xquery

---

Modified: src/modules/sqlops/sql_api.c

---

Diff:  https://github.com/kamailio/kamailio/commit/53e1326f25e57491343a86a52b7ddf7919acce12.diff
Patch: https://github.com/kamailio/kamailio/commit/53e1326f25e57491343a86a52b7ddf7919acce12.patch

---

diff --git a/src/modules/sqlops/sql_api.c b/src/modules/sqlops/sql_api.c
index 825f77602a..21fbfa950f 100644
--- a/src/modules/sqlops/sql_api.c
+++ b/src/modules/sqlops/sql_api.c
@@ -697,16 +697,27 @@ int sqlops_do_query(str *scon, str *squery, str *sres)
 	sql_con_t *con = NULL;
 	sql_result_t *res = NULL;
 
+	if (scon == NULL || scon->s == NULL)
+	{
+		LM_ERR("invalid connection name\n");
+		goto error;
+	}
+
 	con = sql_get_connection(scon);
 	if(con==NULL)
 	{
 		LM_ERR("invalid connection [%.*s]\n", scon->len, scon->s);
 		goto error;
 	}
-	if (sres && ((res = sql_get_result(sres)) == NULL))
+	/* Result parameter is optional */
+	if (sres && sres->s)
 	{
-		LM_ERR("invalid result [%.*s]\n", sres->len, sres->s);
-		goto error;
+		res = sql_get_result(sres);
+		if(res==NULL)
+		{
+			LM_ERR("invalid result [%.*s]\n", sres->len, sres->s);
+			goto error;
+		}
 	}
 	if(sql_do_query(con, squery, res)<0)
 		goto error;
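Review bot: `squery` is still passed to `sql_do_query(con, squery, res)` without the NULL check this hunk adds for `scon` and `sres`, so a C or KEMI caller that supplies a NULL query reaches the query code unvalidated unless `sql_do_query` checks it itself, which is not visible here. Adding `if (squery == NULL || squery->s == NULL) { LM_ERR("invalid query\n"); goto error; }` next to the connection-name guard would close that gap. The same gap applies to `squery` and `xavp` in the `sqlops_do_xquery` hunk and to the output pointers `val` and `col` in the `sqlops_get_value` and `sqlops_get_column` hunks, whose uses lie outside those hunks. A non-NULL `sres` with `sres->s == NULL` is now treated as "no result requested" and the query runs with `res == NULL`, so the comment could say so, e.g. `/* Result parameter is optional: a NULL sres or NULL sres->s runs the query without a named result */`. The body of `sqlops_do_query` continues outside the hunk.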
@@ -723,6 +734,12 @@ int sqlops_get_value(str *sres, int i, int j, sql_val_t **val)
 {
 	sql_result_t *res = NULL;
 
+	if (sres == NULL || sres->s == NULL)
+	{
+		LM_ERR("invalid result name\n");
+		goto error;
+	}
+
 	res = sql_get_result(sres);
 	if(res==NULL)
 	{
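Review bot: The `sres == NULL || sres->s == NULL` guard added here is repeated verbatim in the `sqlops_is_null`, `sqlops_get_column`, `sqlops_num_columns`, `sqlops_num_rows` and `sqlops_reset_result` hunks, and the `scon` form appears twice more; one file-local helper such as `static int sqlops_str_is_set(const str *s) { return s != NULL && s->s != NULL; }` would keep the precondition identical everywhere. The guard also ignores `sres->len`, so a name with a non-NULL pointer and a zero or negative length still reaches `sql_get_result`; whether that lookup tolerates it is not visible in this hunk, and adding `|| sres->len <= 0` would make the precondition explicit. The added lines write `if (` with a space while the surrounding code uses `if(res==NULL)`, which is worth aligning with the file's style. The rest of `sqlops_get_value` lies outside the hunk.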
@@ -753,6 +770,12 @@ int sqlops_is_null(str *sres, int i, int j)
 {
 	sql_result_t *res = NULL;
 
+	if (sres == NULL || sres->s == NULL)
+	{
+		LM_ERR("invalid result name\n");
+		goto error;
+	}
+
 	res = sql_get_result(sres);
 	if(res==NULL)
 	{
@@ -783,6 +806,12 @@ int sqlops_get_column(str *sres, int i, str *col)
 {
 	sql_result_t *res = NULL;
 
+	if (sres == NULL || sres->s == NULL)
+	{
+		LM_ERR("invalid result name\n");
+		goto error;
+	}
+
 	res = sql_get_result(sres);
 	if(res==NULL)
 	{
@@ -807,6 +836,12 @@ int sqlops_num_columns(str *sres)
 {
 	sql_result_t *res = NULL;
 
+	if (sres == NULL || sres->s == NULL)
+	{
+		LM_ERR("invalid result name\n");
+		goto error;
+	}
+
 	res = sql_get_result(sres);
 	if(res==NULL)
 	{
@@ -825,6 +860,12 @@ int sqlops_num_rows(str *sres)
 {
 	sql_result_t *res = NULL;
 
+	if (sres == NULL || sres->s == NULL)
+	{
+		LM_ERR("invalid result name\n");
+		goto error;
+	}
+
 	res = sql_get_result(sres);
 	if(res==NULL)
 	{
@@ -843,6 +884,12 @@ void sqlops_reset_result(str *sres)
 {
 	sql_result_t *res = NULL;
 
+	if (sres == NULL || sres->s == NULL)
+	{
+		LM_ERR("invalid result name\n");
+		return;
+	}
+
 	res = sql_get_result(sres);
 	if(res==NULL)
 	{
@@ -861,6 +908,12 @@ int sqlops_do_xquery(sip_msg_t *msg, str *scon, str *squery, str *xavp)
 {
 	sql_con_t *con = NULL;
 
+	if (scon == NULL || scon->s == NULL)
+	{
+		LM_ERR("invalid connection name\n");
+		goto error;
+	}
+
 	con = sql_get_connection(scon);
 	if(con==NULL)
 	{



