complain if there aren't enough fields
authorAlan T. DeKok <aland@freeradius.org>
Wed, 31 Mar 2021 01:54:23 +0000 (21:54 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 31 Mar 2021 01:54:23 +0000 (21:54 -0400)
src/modules/rlm_sql/sql.c

index 3bda868f0c984100bc6c64749d6f58d0c94fe03b..44093ee66bb4edd2dd617b663b5954762a414ff9 100644 (file)
@@ -68,6 +68,12 @@ int sql_fr_pair_list_afrom_str(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **h
        char buf[MAX_STRING_LEN];
        char do_xlat = 0;
        FR_TOKEN token, op = T_EOL;
+       size_t num_fields = talloc_array_length(row) - 1; /* includes a trailing NULL ptr */
+
+       if (num_fields < 4) {
+               REDEBUG("Insufficient fields for 'id,username,attribute,value,operator'");
+               return -1;
+       }
 
        /*
         *      Verify the 'Attribute' field
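Review bot: The subtraction in `size_t num_fields = talloc_array_length(row) - 1;` wraps to a very large value if the array length is ever 0, so the `num_fields < 4` guard would pass and the later `row[...]` reads would run on an empty row. Whether `row` can arrive NULL or zero-length is not visible in this hunk, but guarding the subtraction removes the question: `size_t len = talloc_array_length(row);` followed by `size_t num_fields = (len > 0) ? len - 1 : 0;`. The check also appears to rely on every SQL driver returning `row` as a NULL-terminated talloc array, which deserves a comment next to the declaration, e.g. `/* row must be a talloc array ending in a NULL ptr */`. The function body starts and ends outside the hunk.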
@@ -80,7 +86,7 @@ int sql_fr_pair_list_afrom_str(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **h
        /*
         *      Verify the 'op' field
         */
-       if (row[4] != NULL && row[4][0] != '\0') {
+       if ((num_fields >= 4) && row[4] != NULL && row[4][0] != '\0') {
                ptr = row[4];
                op = gettoken(&ptr, buf, sizeof(buf), false);
                if (!fr_assignment_op[op] && !fr_equality_op[op]) {
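Review bot: The added `(num_fields >= 4)` test can never be false at this point, because the earlier hunk already returns -1 when `num_fields < 4`, so it adds no protection to the `row[4]` read. With exactly four fields, `row[4]` is the trailing NULL pointer and is in bounds only because of that terminator; if the intent is "the operator column is present", the condition should be `if ((num_fields > 4) && row[4] != NULL && row[4][0] != '\0') {`. The error text in the earlier hunk names five columns while the enforced minimum is four, so a comment such as `/* operator (row[4]) is optional */` would state the intended contract. The enclosing function continues outside the hunk.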