cel_pgsql.c: Fix buffer overflow calling libpq - asterisk.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Josh Roberson <josh@asteriasgi.com>	2017-03-27 11:49:08 -0500
committer	Sean Bright <sean.bright@gmail.com>	2017-03-27 15:51:44 -0400
commit	bb68f57a03c0639663aa20d95fcdc16a4c1ff094 (patch)
tree	be012b8ca632b95c66d568a13c69b9a88f39f9a5 /contrib/realtime/oracle
parent	552cf009c0939c8b6597708135412bdc596df4bb (diff)

cel_pgsql.c: Fix buffer overflow calling libpq

PQEscapeStringConn() expects the buffer passed in to be an adequitely sized buffer to write out the escaped SQL value string into. It is possible, for large values (such as large values to Dial with a lot of devices) to have more than our 512+1 byte allocation and thus cause libpq to create a buffer overrun. glibc will nicely ABRT asterisk for you, citing a stack smash. Let's only allocate it to be as large as needed: If we have a value, then (strlen(value) * 2) + 1 (as recommended by libpq), and if we have none, just one byte to hold our null will do. ASTERISK-26896 #close Change-Id: If611c734292618ed68dde17816d09dd16667dea2

Diffstat (limited to 'contrib/realtime/oracle')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: