<p>(I've never used opensips, and I haven't done any C coding in a decade.)</p>
<p>It seems to me that <code>new_db_id</code> takes a <code>str*</code> and assigns it to the <code>char* url</code> member of a <code>db_id</code> struct. However, the <code>str*</code> relies on its <code>len</code> member, but the <code>url</code> member assumes a null-terminated string. When the <code>db_id->url</code> is later passed to <code>sqlite3_open</code>, there's no guarantee that the string was null-terminated.</p>
<p>Is something like the following patch needed to ensure that <code>db_id</code> is always null-terminated for <code>sqlite3_open</code>?</p>
<pre><code>diff --git a/db/db_id.c b/db/db_id.c
index 9efc0eb..c470324 100644
--- a/db/db_id.c
+++ b/db/db_id.c
@@ -240,7 +240,9 @@ struct db_id* new_db_id(const str* url)
}
/* store the original url */
- ptr->url = url->s;
+ ptr->url = pkg_malloc(url->len+1);
+ strncpy(ptr->url, url->s, url->len);
+ ptr->url[url->len] = '\0';
return ptr;
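Review bot: the pkg_malloc() result on the first added line is used unchecked; if it returns NULL, the following strncpy() and the `ptr->url[url->len] = '\0'` store both write through a null pointer. Test it and return NULL after releasing what has already been allocated for ptr, e.g. `if (!ptr->url) { free_db_id(ptr); return NULL; }` (relying on the NULL checks free_db_id() already performs). Since url->s carries no terminator, strncpy() buys nothing over `memcpy(ptr->url, url->s, url->len);` here; the explicit terminator store on the next line is what does the work, so memcpy states the intent more plainly.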
@@ -291,5 +293,6 @@ void free_db_id(struct db_id* id)
if (id->password) pkg_free(id->password);
if (id->host) pkg_free(id->host);
if (id->database) pkg_free(id->database);
+ if (id->url) pkg_free(id->url);
pkg_free(id);
}
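Review bot: with this added free, free_db_id() now owns id->url, so every path that builds a db_id must leave url either NULL or pointing at pkg_malloc'd memory; any remaining assignment of a borrowed pointer in the style of the removed `ptr->url = url->s;` would be handed to pkg_free() here as if it were heap memory. Worth checking the other places a db_id is constructed before merging, and confirming the struct is zeroed on allocation so the `if (id->url)` test (like the `if (id->host)` tests above it) cannot see a stale value on an early-error path.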
</code></pre>
<p>I butchered up <code>main.c</code> to create a simple test case. Without the above patch, the <code>assert</code> fails. With the patch, the <code>id->url</code> returned from <code>new_db_id</code> is what I would expect.</p>
<pre><code>diff --git a/main.c b/main.c
index c44ebf2..4ebe8a0 100644
--- a/main.c
+++ b/main.c
@@ -770,8 +770,29 @@ error:
* \return don't return on sucess, -1 on error
* \see main_loop
*/
+#include <assert.h>
int main(int argc, char** argv)
{
+ str s;
+ struct db_id* id;
+
+ /*init pkg mallocs (before parsing cfg but after parsing cmd line !)*/
+ if (init_pkg_mallocs()==-1)
+ goto error00;
+
+ // create a str object with a length of 23, but a longer string to
+ // simulate unallocated memory
+ // 11111111112222
+ // 12345678901234567890123
+ s.s = "sqlite://tmp/0123456789ABCDEF";
+ s.len = 13 +10;
+
+ id = new_db_id(&s);
+
+ assert( strcmp(id->url, "sqlite://tmp/0123456789") == 0 );
+ exit(0);
+
+
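Review bot: the `assert( strcmp(id->url, ...) == 0 )` near the end of the hunk is compiled out when NDEBUG is defined, so a release build of this test exits 0 whether or not the URL is terminated; an explicit `if (strcmp(id->url, "sqlite://tmp/0123456789") != 0) return 1;` keeps the result independent of build flags. The `#include <assert.h>` inserted between the doc comment and main() belongs with the file's other includes. Minor: `s.len = 13 +10;` and the digit-ruler comments above it spell out 23; `s.len = 23;` with the expected prefix in the comment reads more easily, and `id` is never released with free_db_id() before exit(0), harmless for a throwaway test but worth noting if it is kept.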
</code></pre>
<p style="font-size:small;color:#666;"><a href="https://github.com/OpenSIPS/opensips/issues/471#issuecomment-94652782">View this comment on GitHub</a>.</p>
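<p>The length-counted versus NUL-terminated mismatch described in the comment, reproduced outside the OpenSIPS tree as an added example (not code from the issue or from the project). <code>str</code> is a minimal stand-in for the OpenSIPS type, <code>url_borrowed</code> and <code>url_copied</code> are hypothetical names for the unpatched and patched behaviour, and plain <code>malloc</code> replaces <code>pkg_malloc</code>; the copy also adds the allocation check the patch leaves out.</p>

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for OpenSIPS' `str`: pointer plus explicit length, no terminator guaranteed. */
typedef struct { char *s; int len; } str;

/* Unpatched behaviour: hand back the caller's pointer. A consumer that expects a C string
 * (sqlite3_open, strcmp, ...) has no way to honour len and reads on until it finds a NUL. */
static const char *url_borrowed(const str *url) { return url->s; }

/* Patched behaviour: an owned, NUL-terminated copy. Returns NULL on bad input or allocation
 * failure (the check the patch omits); the caller frees. memcpy rather than strncpy because
 * the source carries no terminator to honour; the terminator is written explicitly. */
static char *url_copied(const str *url) {
    if (url == NULL || url->s == NULL || url->len < 0) return NULL;
    char *copy = malloc((size_t)url->len + 1);
    if (copy == NULL) return NULL;
    memcpy(copy, url->s, (size_t)url->len);
    copy[url->len] = '\0';
    return copy;
}

/* Constructed sample mirroring the comment's test: len is 23 but readable bytes continue past
 * it, standing in for whatever memory follows a real non-terminated buffer. */
static const str sample = { "sqlite://tmp/0123456789ABCDEF", 23 };
static const char *expected = "sqlite://tmp/0123456789";

/* Returns 1 if the borrowed pointer compares equal to the intended URL, 0 otherwise.
 * It returns 0: strcmp sees the whole literal, including the "ABCDEF" past len. */
static int borrowed_matches(void) {
    return strcmp(url_borrowed(&sample), expected) == 0;
}

/* Returns 1 if the owned copy is exactly the intended 23-byte URL, 0 otherwise. */
static int copied_matches(void) {
    char *u = url_copied(&sample);
    int ok = u != NULL && strlen(u) == 23 && strcmp(u, expected) == 0;
    free(u);
    return ok;
}
```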