]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e34bffa)
dict-sql: Fail early if there's unexpected number of bind arguments for iter
authorSiavash Tavakoli <siavash.tavakoli@open-xchange.com>
Thu, 19 Aug 2021 16:06:42 +0000 (17:06 +0100)
committerSiavash Tavakoli <siavash.tavakoli@open-xchange.com>
Fri, 20 Aug 2021 10:10:59 +0000 (11:10 +0100)
Otherwise, lib-sql raises a panic.

src/lib-dict-backend/dict-sql.c patch | blob | blame | history

diff --git a/src/lib-dict-backend/dict-sql.c b/src/lib-dict-backend/dict-sql.c
index feb52e0b82d42b4bc4ccb6e3dcc8877cd1d70b6a..225da678331baecb494e9434631ba37ba99b60c1 100644 (file)
--- a/src/lib-dict-backend/dict-sql.c
+++ b/src/lib-dict-backend/dict-sql.c
@@ -368,6 +368,11 @@ sql_dict_where_build(const char *username, const struct dict_sql_map *map,
        str_append(query, " WHERE");
        exact_count = count == count2 && recurse_type != SQL_DICT_RECURSE_NONE ?
                count2-1 : count2;
+       if (exact_count != array_count(values_arr)) {
+               *error_r = t_strdup_printf("Key continues past the matched pattern %s", map->pattern);
+               return -1;
+       }
+
        for (i = 0; i < exact_count; i++) {
                if (i > 0)
                        str_append(query, " AND");
Mirror of https://github.com/dovecot/core.git