diff options
author | zuul <zuul@gerrit.asterisk.org> | 2016-02-24 18:26:06 -0600 |
---|---|---|
committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2016-02-24 18:26:07 -0600 |
commit | d6b2c1d98ef62eb3c69d0b5ec65423a0438310d5 (patch) | |
tree | d7b85f6ac6adc84bbaa9a3246e7905ca74ccab9d | |
parent | 6f080f15d6cc4d0ea16a7588443fb2f23a360834 (diff) | |
parent | b7970cabfab31408b55c4797fa260525465811e6 (diff) |
Merge "res_config_sqlite3: Fix crashes when reading peers from sqlite3 tables"
-rw-r--r-- | res/res_config_sqlite3.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/res/res_config_sqlite3.c b/res/res_config_sqlite3.c index 0b0a78cf4..a30612368 100644 --- a/res/res_config_sqlite3.c +++ b/res/res_config_sqlite3.c @@ -127,8 +127,14 @@ static inline const char *sqlite3_escape_string_helper(struct ast_threadstorage * add two quotes, and convert NULL pointers to the word "NULL", but we * don't allow those anyway. Just going to use %q for now. */ struct ast_str *buf = ast_str_thread_get(ts, maxlen); - char *tmp = ast_str_buffer(buf); char q = ts == &escape_value_buf ? '\'' : '"'; + char *tmp; + + if (ast_str_size(buf) < maxlen) { + /* realloc if buf is too small */ + ast_str_make_space(&buf, maxlen); + } + tmp = ast_str_buffer(buf); ast_str_reset(buf); *tmp++ = q; /* Initial quote */ @@ -160,9 +166,15 @@ static const char *sqlite3_escape_column_op(const char *param) { size_t maxlen = strlen(param) * 2 + sizeof("\"\" ="); struct ast_str *buf = ast_str_thread_get(&escape_column_buf, maxlen); - char *tmp = ast_str_buffer(buf); + char *tmp; int space = 0; + if (ast_str_size(buf) < maxlen) { + /* realloc if buf is too small */ + ast_str_make_space(&buf, maxlen); + } + tmp = ast_str_buffer(buf); + ast_str_reset(buf); *tmp++ = '"'; while ((*tmp++ = *param++)) { |