[OpenSIPS-Devel] [OpenSIPS/opensips] 229fb5: cachedb_redis: Use argv API instead of fmt-string ...
Liviu Chircu
noreply at github.com
Wed Apr 20 09:58:02 UTC 2022
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: 229fb548bf3341bf5a68eeee9f51dceeee0998c7
https://github.com/OpenSIPS/opensips/commit/229fb548bf3341bf5a68eeee9f51dceeee0998c7
Author: Liviu Chircu <liviu at opensips.org>
Date: 2022-04-20 (Wed, 20 Apr 2022)
Changed paths:
M modules/cachedb_redis/cachedb_redis_dbase.c
Log Message:
-----------
cachedb_redis: Use argv API instead of fmt-string API for raw queries
This change allows "%" to be safely used in raw queries (e.g. maybe some
Redis key contains a random "%" char), while also making the raw query
operation a lot more safe and/or unexploitable from the outside.
Many thanks to David Escartin (Sonoc) for a detailed bug report!
More information about the Devel
mailing list