Module: kamailio Branch: master Commit: 53e1326f25e57491343a86a52b7ddf7919acce12 URL: https://github.com/kamailio/kamailio/commit/53e1326f25e57491343a86a52b7ddf7919acce12
Author: Hugh Waite <[email protected]> Committer: Hugh Waite <[email protected]> Date: 2018-03-01T22:54:18Z sqlops: Add NULL parameter check to C/KEMI API functions - Check for NULL string parameters to prevent crashes sqlops_do_query, sqlops_get_value, sqlops_is_null, sqlops_get_column, sqlops_reset_result, sqlops_num_rows, sqlops_num_columns, sqlops_do_xquery --- Modified: src/modules/sqlops/sql_api.c --- Diff: https://github.com/kamailio/kamailio/commit/53e1326f25e57491343a86a52b7ddf7919acce12.diff Patch: https://github.com/kamailio/kamailio/commit/53e1326f25e57491343a86a52b7ddf7919acce12.patch --- diff --git a/src/modules/sqlops/sql_api.c b/src/modules/sqlops/sql_api.c index 825f77602a..21fbfa950f 100644 --- a/src/modules/sqlops/sql_api.c +++ b/src/modules/sqlops/sql_api.c @@ -697,16 +697,27 @@ int sqlops_do_query(str *scon, str *squery, str *sres) sql_con_t *con = NULL; sql_result_t *res = NULL; + if (scon == NULL || scon->s == NULL) + { + LM_ERR("invalid connection name\n"); + goto error; + } + con = sql_get_connection(scon); if(con==NULL) { LM_ERR("invalid connection [%.*s]\n", scon->len, scon->s); goto error; } - if (sres && ((res = sql_get_result(sres)) == NULL)) + /* Result parameter is optional */ + if (sres && sres->s) { - LM_ERR("invalid result [%.*s]\n", sres->len, sres->s); - goto error; + res = sql_get_result(sres); + if(res==NULL) + { + LM_ERR("invalid result [%.*s]\n", sres->len, sres->s); + goto error; + } } if(sql_do_query(con, squery, res)<0) goto error; @@ -723,6 +734,12 @@ int sqlops_get_value(str *sres, int i, int j, sql_val_t **val) { sql_result_t *res = NULL; + if (sres == NULL || sres->s == NULL) + { + LM_ERR("invalid result name\n"); + goto error; + } + res = sql_get_result(sres); if(res==NULL) { @@ -753,6 +770,12 @@ int sqlops_is_null(str *sres, int i, int j) { sql_result_t *res = NULL; + if (sres == NULL || sres->s == NULL) + { + LM_ERR("invalid result name\n"); + goto error; + } + res = sql_get_result(sres); if(res==NULL) { @@ -783,6 +806,12 @@ int sqlops_get_column(str *sres, int i, str *col) { sql_result_t *res = NULL; + if (sres == NULL || sres->s == NULL) + { + LM_ERR("invalid result name\n"); + goto error; + } + res = sql_get_result(sres); if(res==NULL) { @@ -807,6 +836,12 @@ int sqlops_num_columns(str *sres) { sql_result_t *res = NULL; + if (sres == NULL || sres->s == NULL) + { + LM_ERR("invalid result name\n"); + goto error; + } + res = sql_get_result(sres); if(res==NULL) { @@ -825,6 +860,12 @@ int sqlops_num_rows(str *sres) { sql_result_t *res = NULL; + if (sres == NULL || sres->s == NULL) + { + LM_ERR("invalid result name\n"); + goto error; + } + res = sql_get_result(sres); if(res==NULL) { @@ -843,6 +884,12 @@ void sqlops_reset_result(str *sres) { sql_result_t *res = NULL; + if (sres == NULL || sres->s == NULL) + { + LM_ERR("invalid result name\n"); + return; + } + res = sql_get_result(sres); if(res==NULL) { @@ -861,6 +908,12 @@ int sqlops_do_xquery(sip_msg_t *msg, str *scon, str *squery, str *xavp) { sql_con_t *con = NULL; + if (scon == NULL || scon->s == NULL) + { + LM_ERR("invalid connection name\n"); + goto error; + } + con = sql_get_connection(scon); if(con==NULL) { _______________________________________________ Kamailio (SER) - Development Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
