[sr-dev] git:master:20febb28: db_text: avoid buffer overflow for large names and/or values in db_text files
Ovidiu Sas
osas at voipembedded.com
Tue Apr 30 20:22:56 CEST 2019
Module: kamailio
Branch: master
Commit: 20febb28402a2e1ef3c23fda6db0825ae64affc6
URL: https://github.com/kamailio/kamailio/commit/20febb28402a2e1ef3c23fda6db0825ae64affc6
Author: Ovidiu Sas <osas at voipembedded.com>
Committer: Ovidiu Sas <osas at voipembedded.com>
Date: 2019-04-30T14:21:38-04:00
db_text: avoid buffer overflow for large names and/or values in db_text files
---
Modified: src/modules/db_text/dbt_file.c
---
Diff: https://github.com/kamailio/kamailio/commit/20febb28402a2e1ef3c23fda6db0825ae64affc6.diff
Patch: https://github.com/kamailio/kamailio/commit/20febb28402a2e1ef3c23fda6db0825ae64affc6.patch
---
diff --git a/src/modules/db_text/dbt_file.c b/src/modules/db_text/dbt_file.c
index a2d35c2406..8b88ed8074 100644
--- a/src/modules/db_text/dbt_file.c
+++ b/src/modules/db_text/dbt_file.c
@@ -124,7 +124,7 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn)
return NULL;
}
- buf = pkg_malloc(_db_text_read_buffer_size);
+ buf = pkg_malloc(_db_text_read_buffer_size+1);
if(!buf) {
LM_ERR("error allocating read buffer, %i\n", _db_text_read_buffer_size);
goto done;
@@ -173,6 +173,12 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn)
if(c==EOF)
goto clean;
buf[bp++] = c;
+ if (bp==_db_text_read_buffer_size) {
+ LM_ERR("Buffer overflow for file [%s] row=[%d] col=[%d] c=[%c]."
+ " Please increase 'file_buffer_size' param!\n",
+ path, crow+1, ccol+1, c);
+ goto clean;
+ }
c = fgetc(fin);
}
colp = dbt_column_new(buf, bp);
@@ -453,6 +459,12 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn)
}
}
buf[bp++] = c;
+ if (bp==_db_text_read_buffer_size) {
+ LM_ERR("Buffer overflow for file [%s] row=[%d] col=[%d] c=[%c]."
+ " Please increase 'file_buffer_size' param!\n",
+ path, crow+1, ccol+1, c);
+ goto clean;
+ }
c = fgetc(fin);
}
dtval.val.str_val.s = buf;
More information about the sr-dev
mailing list