[sr-dev] git:master:20febb28: db_text: avoid buffer overflow for large names and/or values in db_text files

Ovidiu Sas osas at voipembedded.com
Tue Apr 30 20:22:56 CEST 2019


Module: kamailio
Branch: master
Commit: 20febb28402a2e1ef3c23fda6db0825ae64affc6
URL: https://github.com/kamailio/kamailio/commit/20febb28402a2e1ef3c23fda6db0825ae64affc6

Author: Ovidiu Sas <osas at voipembedded.com>
Committer: Ovidiu Sas <osas at voipembedded.com>
Date: 2019-04-30T14:21:38-04:00

db_text: avoid buffer overflow for large names and/or values in db_text files

---

Modified: src/modules/db_text/dbt_file.c

---

Diff:  https://github.com/kamailio/kamailio/commit/20febb28402a2e1ef3c23fda6db0825ae64affc6.diff
Patch: https://github.com/kamailio/kamailio/commit/20febb28402a2e1ef3c23fda6db0825ae64affc6.patch

---

diff --git a/src/modules/db_text/dbt_file.c b/src/modules/db_text/dbt_file.c
index a2d35c2406..8b88ed8074 100644
--- a/src/modules/db_text/dbt_file.c
+++ b/src/modules/db_text/dbt_file.c
@@ -124,7 +124,7 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn)
 		return NULL;
 	}
 
-	buf = pkg_malloc(_db_text_read_buffer_size);
+	buf = pkg_malloc(_db_text_read_buffer_size+1);
 	if(!buf) {
 		LM_ERR("error allocating read buffer, %i\n", _db_text_read_buffer_size);
 		goto done;
@@ -173,6 +173,12 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn)
 					if(c==EOF)
 						goto clean;
 					buf[bp++] = c;
+					if (bp==_db_text_read_buffer_size) {
+						LM_ERR("Buffer overflow for file [%s] row=[%d] col=[%d] c=[%c]."
+							" Please increase 'file_buffer_size' param!\n",
+							path, crow+1, ccol+1, c);
+						goto clean;
+					}
 					c = fgetc(fin);
 				}
 				colp = dbt_column_new(buf, bp);
@@ -453,6 +459,12 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn)
 									}
 								}
 								buf[bp++] = c;
+								if (bp==_db_text_read_buffer_size) {
+									LM_ERR("Buffer overflow for file [%s] row=[%d] col=[%d] c=[%c]."
+										" Please increase 'file_buffer_size' param!\n",
+										path, crow+1, ccol+1, c);
+									goto clean;
+								}
 								c = fgetc(fin);
 							}
 							dtval.val.str_val.s = buf;




More information about the sr-dev mailing list