[OpenSIPS-Devel] [OpenSIPS/opensips] d03f17: cachedb_redis: Use argv API instead of fmt-string ...
Liviu Chircu
noreply at github.com
Wed Apr 20 10:21:23 UTC 2022
Branch: refs/heads/3.2
Home: https://github.com/OpenSIPS/opensips
Commit: d03f17c4dffff5f8b9d114b036ff4d6dc0ad83ba
https://github.com/OpenSIPS/opensips/commit/d03f17c4dffff5f8b9d114b036ff4d6dc0ad83ba
Author: Liviu Chircu <liviu at opensips.org>
Date: 2022-04-20 (Wed, 20 Apr 2022)
Changed paths:
M modules/cachedb_redis/cachedb_redis_dbase.c
Log Message:
-----------
cachedb_redis: Use argv API instead of fmt-string API for raw queries
This change allows "%" to be safely used in raw queries (e.g. maybe some
Redis key contains a random "%" char), while also making the raw query
operation a lot more safe and/or unexploitable from the outside.
Many thanks to David Escartin (Sonoc) for a detailed bug report!
More information about the Devel
mailing list