git:master:f83a695d: Revert "db_postgres: Fix heap use after free error in db_postgres module" (after some discussions) - sr-dev

17 Sep 2015

Module: kamailio
Branch: master
Commit: f83a695d70cfd4aea09383e8e235d4184dc1521e
URL: https://github.com/kamailio/kamailio/commit/f83a695d70cfd4aea09383e8e235d418...
Author: Carsten Bock carsten@ng-voice.com
Committer: Carsten Bock carsten@ng-voice.com
Date: 2015-09-17T16:28:59+02:00
Revert "db_postgres: Fix heap use after free error in db_postgres module" (after some discussions)
This reverts commit 74c84c7cd52347fcd1c90e75dca239b5f758169b.
---
Modified: modules/db_postgres/km_pg_con.c
Modified: modules/db_postgres/km_res.c
---
Diff:  https://github.com/kamailio/kamailio/commit/f83a695d70cfd4aea09383e8e235d418...
Patch: https://github.com/kamailio/kamailio/commit/f83a695d70cfd4aea09383e8e235d418...
---

diff --git a/modules/db_postgres/km_pg_con.c b/modules/db_postgres/km_pg_con.c
index d053c55..ec98add 100644
--- a/modules/db_postgres/km_pg_con.c
+++ b/modules/db_postgres/km_pg_con.c
@@ -71,6 +71,10 @@ struct pg_con* db_postgres_new_connection(struct db_id* id)
    memset(ptr, 0, sizeof(struct pg_con));
    ptr->ref = 1;
+	memset(keywords, 0, (sizeof(char*) * 10));
+	memset(values, 0, (sizeof(char*) * 10));
+	memset(to, 0, (sizeof(char) * 16));
+
    if (id->port) {
    	ports = int2str(id->port, 0);
    	keywords[i] = "port";
diff --git a/modules/db_postgres/km_res.c b/modules/db_postgres/km_res.c
index 912206b..e9aa232 100644
--- a/modules/db_postgres/km_res.c
+++ b/modules/db_postgres/km_res.c
@@ -126,14 +126,8 @@ int db_postgres_get_columns(const db1_con_t* _h, db1_res_t* _r)
    			RES_NAMES(_r)[col]);
/* The pointer that is here returned is part of the result structure. */
-		RES_NAMES(_r)[col]->s = pkg_malloc(strlen(PQfname(CON_RESULT(_h), col))+1);
-		if (! RES_NAMES(_r)[col]->s) {
-			LM_ERR("no private memory left\n");
-			db_free_columns(_r);
-			return -4;
-		}
-		strcpy(RES_NAMES(_r)[col]->s, PQfname(CON_RESULT(_h), col));
-		RES_NAMES(_r)[col]->len = strlen(RES_NAMES(_r)[col]->s);
+		RES_NAMES(_r)[col]->s = PQfname(CON_RESULT(_h), col);
+		RES_NAMES(_r)[col]->len = strlen(PQfname(CON_RESULT(_h), col));
LM_DBG("RES_NAMES(%p)[%d]=[%.*s]\n", RES_NAMES(_r)[col], col,
    			RES_NAMES(_r)[col]->len, RES_NAMES(_r)[col]->s);

    