From: Naveen Albert Date: Fri, 18 Feb 2022 12:09:47 +0000 (+0000) Subject: func_db: Add validity check for key names when writing. X-Git-Tag: 16.25.0-rc1~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b471b40bc7973f9f0602143945d50c7b0f83afa2;p=thirdparty%2Fasterisk.git func_db: Add validity check for key names when writing. Adds a simple sanity check for key names when users are writing data to AstDB. This captures four cases indicating malformed keynames that generally result in bad data going into the DB that the user didn't intend: an empty key name, a key name beginning or ending with a slash, and a key name containing two slashes in a row. Generally, this is the result of a variable being used in the key name being empty. If a malformed key name is detected, a warning is emitted to indicate the bug in the dialplan. ASTERISK-29925 #close Change-Id: Ifc08a9fe532a519b1b80caca1aafed7611d573bf --- diff --git a/funcs/func_db.c b/funcs/func_db.c index 126e3e9dc5..3f98ed0604 100644 --- a/funcs/func_db.c +++ b/funcs/func_db.c @@ -173,7 +173,13 @@ static int function_db_write(struct ast_channel *chan, const char *cmd, char *pa ast_log(LOG_WARNING, "DB requires an argument, DB(/)=value\n"); return -1; } - + /* + * When keynames are dynamically created using variables, if the variable is empty, this put bad data into the DB. + * In particular, a few cases: an empty key name, a key starting or ending with a /, and a key containing // two slashes. + * If this happens, allow it to go in, but warn the user of the issue and possible data corruption. */ + if (ast_strlen_zero(args.key) || args.key[0] == '/' || args.key[strlen(args.key) - 1] == '/' || strstr(args.key, "//")) { + ast_log(LOG_WARNING, "DB: key '%s' seems malformed\n", args.key); + } if (ast_db_put(args.family, args.key, value)) { ast_log(LOG_WARNING, "DB: Error writing value to database.\n"); }