[sr-dev] git:5.1:44d1fa36: db_text: avoid buffer overflow for large names and/or values in db_text files

Ovidiu Sas osas at voipembedded.com
Fri May 10 16:13:52 CEST 2019


Module: kamailio
Branch: 5.1
Commit: 44d1fa361c08f6e2be09f7f69bbc3d8fd10f5620
URL: https://github.com/kamailio/kamailio/commit/44d1fa361c08f6e2be09f7f69bbc3d8fd10f5620

Author: Ovidiu Sas <osas at voipembedded.com>
Committer: Ovidiu Sas <osas at voipembedded.com>
Date: 2019-05-10T10:13:36-04:00

db_text: avoid buffer overflow for large names and/or values in db_text files

(cherry picked from commit 20febb28402a2e1ef3c23fda6db0825ae64affc6)

---

Modified: src/modules/db_text/dbt_file.c

---

Diff:  https://github.com/kamailio/kamailio/commit/44d1fa361c08f6e2be09f7f69bbc3d8fd10f5620.diff
Patch: https://github.com/kamailio/kamailio/commit/44d1fa361c08f6e2be09f7f69bbc3d8fd10f5620.patch

---

diff --git a/src/modules/db_text/dbt_file.c b/src/modules/db_text/dbt_file.c
index a2d35c2406..8b88ed8074 100644
--- a/src/modules/db_text/dbt_file.c
+++ b/src/modules/db_text/dbt_file.c
@@ -124,7 +124,7 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn)
 		return NULL;
 	}
 
-	buf = pkg_malloc(_db_text_read_buffer_size);
+	buf = pkg_malloc(_db_text_read_buffer_size+1);
 	if(!buf) {
 		LM_ERR("error allocating read buffer, %i\n", _db_text_read_buffer_size);
 		goto done;
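Review bot: The `+1` in the `pkg_malloc` call and the new `bp==_db_text_read_buffer_size` checks further down both depend on `_db_text_read_buffer_size` being positive and below `INT_MAX` (it is printed with `%i`, so it is presumably an int), and nothing visible here validates it. If the parameter were zero or negative, `bp` would already be past the limit after the first `buf[bp++] = c`, so the equality test would never fire and the writes would stay unbounded. Unless the value is range-checked where the module parameter is set (not visible in this diff), add a guard before the allocation, for example `if(_db_text_read_buffer_size <= 0) { LM_ERR("invalid file_buffer_size\n"); goto done; }`. A one-line comment on the `+1` saying which byte it reserves would also help, since the checks below already stop at index `size-1`. The body of dbt_load_file starts and ends outside the hunk.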
@@ -173,6 +173,12 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn)
 					if(c==EOF)
 						goto clean;
 					buf[bp++] = c;
+					if (bp==_db_text_read_buffer_size) {
+						LM_ERR("Buffer overflow for file [%s] row=[%d] col=[%d] c=[%c]."
+							" Please increase 'file_buffer_size' param!\n",
+							path, crow+1, ccol+1, c);
+						goto clean;
+					}
 					c = fgetc(fin);
 				}
 				colp = dbt_column_new(buf, bp);
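Review bot: The guard tests `bp` with `==` after the byte has already been stored, so it only works while `bp` enters the loop below the limit and advances by exactly one. Writing it as `if (bp >= _db_text_read_buffer_size)` fails closed if either assumption is ever broken by a later change. The message also prints the last byte read with `c=[%c]`, which copies an arbitrary byte from the data file (possibly a control character) into the log; `c=[0x%02x]` with `(unsigned char)c` keeps the log line printable. Both points apply equally to the identical check added in the value-parsing hunk at -453/+459. The enclosing loop begins outside the hunk.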
@@ -453,6 +459,12 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn)
 									}
 								}
 								buf[bp++] = c;
+								if (bp==_db_text_read_buffer_size) {
+									LM_ERR("Buffer overflow for file [%s] row=[%d] col=[%d] c=[%c]."
+										" Please increase 'file_buffer_size' param!\n",
+										path, crow+1, ccol+1, c);
+									goto clean;
+								}
 								c = fgetc(fin);
 							}
 							dtval.val.str_val.s = buf;



