git:5.0:0bf66e01: db_text: avoid buffer overflow for large names and/or values in db_text files
Module: kamailio Branch: 5.0 Commit: 0bf66e01329d4cfe8810586bb3735fbb11dbb0e0 URL: https://github.com/kamailio/kamailio/commit/0bf66e01329d4cfe8810586bb3735fbb...
Author: Ovidiu Sas osas@voipembedded.com Committer: Ovidiu Sas osas@voipembedded.com Date: 2019-05-10T10:14:31-04:00
db_text: avoid buffer overflow for large names and/or values in db_text files
(cherry picked from commit 20febb28402a2e1ef3c23fda6db0825ae64affc6)
---
Modified: src/modules/db_text/dbt_file.c
---
Diff: https://github.com/kamailio/kamailio/commit/0bf66e01329d4cfe8810586bb3735fbb... Patch: https://github.com/kamailio/kamailio/commit/0bf66e01329d4cfe8810586bb3735fbb...
---
diff --git a/src/modules/db_text/dbt_file.c b/src/modules/db_text/dbt_file.c index 66984bae5a..4a6a8a95e5 100644 --- a/src/modules/db_text/dbt_file.c +++ b/src/modules/db_text/dbt_file.c @@ -124,7 +124,7 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn) return NULL; }
- buf = pkg_malloc(_db_text_read_buffer_size); + buf = pkg_malloc(_db_text_read_buffer_size+1); if(!buf) { LM_ERR("error allocating read buffer, %i\n", _db_text_read_buffer_size); goto done; @@ -173,6 +173,12 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn) if(c==EOF) goto clean; buf[bp++] = c; + if (bp==_db_text_read_buffer_size) { + LM_ERR("Buffer overflow for file [%s] row=[%d] col=[%d] c=[%c]." + " Please increase 'file_buffer_size' param!\n", + path, crow+1, ccol+1, c); + goto clean; + } c = fgetc(fin); } colp = dbt_column_new(buf, bp); @@ -454,6 +460,12 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn) } } buf[bp++] = c; + if (bp==_db_text_read_buffer_size) { + LM_ERR("Buffer overflow for file [%s] row=[%d] col=[%d] c=[%c]." + " Please increase 'file_buffer_size' param!\n", + path, crow+1, ccol+1, c); + goto clean; + } c = fgetc(fin); } dtval.val.str_val.s = buf;
-
Ovidiu Sas