[OpenSIPS-Devel] [opensips] modules/db_sqlite: error loading drouting (#471)
nixon
notifications at github.com
Tue Apr 21 08:24:18 CEST 2015
(I've never used opensips, and I haven't done any C coding in a decade.)
It seems to me that `new_db_id` takes a `str*` and assigns it to the `char* url` member of a `db_id` struct. However, the `str*` relies on its `len` member, but the `url` member assumes a null-terminated string. When the `db_id->url` is later passed to `sqlite3_open`, there's no guarantee that the string was null-terminated.
Is something like the following patch needed to ensure that `db_id` is always null-terminated for `sqlite3_open`?
```
diff --git a/db/db_id.c b/db/db_id.c
index 9efc0eb..c470324 100644
--- a/db/db_id.c
+++ b/db/db_id.c
@@ -240,7 +240,9 @@ struct db_id* new_db_id(const str* url)
}
/* store the original url */
- ptr->url = url->s;
+ ptr->url = pkg_malloc(url->len+1);
+ strncpy(ptr->url, url->s, url->len);
+ ptr->url[url->len] = '\0';
return ptr;
@@ -291,5 +293,6 @@ void free_db_id(struct db_id* id)
if (id->password) pkg_free(id->password);
if (id->host) pkg_free(id->host);
if (id->database) pkg_free(id->database);
+ if (id->url) pkg_free(id->url);
pkg_free(id);
}
```
I butchered up `main.c` to create a simple testcase. Without the above patch, the `assert` fails. With the patch, the `id->url` returned from `new_db_id` is what I would expect.
```
diff --git a/main.c b/main.c
index c44ebf2..4ebe8a0 100644
--- a/main.c
+++ b/main.c
@@ -770,8 +770,29 @@ error:
* \return don't return on sucess, -1 on error
* \see main_loop
*/
+#include <assert.h>
int main(int argc, char** argv)
{
+ str s;
+ struct db_id* id;
+
+ /*init pkg mallocs (before parsing cfg but after parsing cmd line !)*/
+ if (init_pkg_mallocs()==-1)
+ goto error00;
+
+ // create a str object with a length of 23, but a longer string to
+ // simulate unallocated memory
+ // 11111111112222
+ // 12345678901234567890123
+ s.s = "sqlite://tmp/0123456789ABCDEF";
+ s.len = 13 +10;
+
+ id = new_db_id(&s);
+
+ assert( strcmp(id->url, "sqlite://tmp/0123456789") == 0 );
+ exit(0);
+
+
```
---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/471#issuecomment-94652782
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/devel/attachments/20150420/76440d1c/attachment.htm>
More information about the Devel
mailing list