From: Tilghman Lesher Date: Thu, 11 Mar 2010 19:21:19 +0000 (+0000) Subject: Verify whether the created buffer was actually large enough to hold the expanded... X-Git-Tag: 1.6.1.19-rc1~55 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6c104ca796958d5ad625a545d40fa266213b5b2;p=thirdparty%2Fasterisk.git Verify whether the created buffer was actually large enough to hold the expanded value. For certain types of queries, where the size of the substituted query was much larger than the template, it was possible for the substitution buffer to be too small. This is only an issue in 1.6.1, as previously we used a static buffer anyway, and we have a substitution routine in 1.6.2 forward that automatically sizes itself appropriately to handle larger expansions. (closes issue #17006) Reported by: viniciusfontes Patches: 20100311__issue17006.diff.txt uploaded by tilghman (license 14) Tested by: tilghman git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.1@251875 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/funcs/func_odbc.c b/funcs/func_odbc.c index 129a1b8ef4..40d29554dd 100644 --- a/funcs/func_odbc.c +++ b/funcs/func_odbc.c @@ -169,8 +169,6 @@ static int acf_odbc_write(struct ast_channel *chan, const char *cmd, char *s, co if (chan) ast_autoservice_start(chan); - ast_str_make_space(&buf, strlen(query->sql_write) * 2); - /* Parse our arguments */ t = value ? ast_strdupa(value) : ""; @@ -201,7 +199,11 @@ static int acf_odbc_write(struct ast_channel *chan, const char *cmd, char *s, co /* Additionally set the value as a whole (but push an empty string if value is NULL) */ pbx_builtin_pushvar_helper(chan, "VALUE", value ? value : ""); - pbx_substitute_variables_helper(chan, query->sql_write, buf->str, buf->len - 1); + do { + ast_str_make_space(&buf, 2 * (strlen(query->sql_write) > ast_str_size(buf) ? strlen(query->sql_write) : ast_str_size(buf))); + pbx_substitute_variables_helper(chan, query->sql_write, ast_str_buffer(buf), ast_str_size(buf) - 1); + ast_str_update(buf); + } while (ast_str_strlen(buf) > ast_str_size(buf) - 5); /* Restore prior values */ for (i = 0; i < args.argc; i++) { @@ -308,8 +310,11 @@ static int acf_odbc_read(struct ast_channel *chan, const char *cmd, char *s, cha pbx_builtin_pushvar_helper(chan, varname, args.field[x]); } - ast_str_make_space(&sql, strlen(query->sql_read) * 2); - pbx_substitute_variables_helper(chan, query->sql_read, sql->str, sql->len - 1); + do { + ast_str_make_space(&sql, 2 * (strlen(query->sql_read) > ast_str_size(sql) ? strlen(query->sql_read) : ast_str_size(sql))); + pbx_substitute_variables_helper(chan, query->sql_read, ast_str_buffer(sql), ast_str_size(sql) - 1); + ast_str_update(sql); + } while (ast_str_strlen(sql) > ast_str_size(sql) - 5); /* Restore prior values */ for (x = 0; x < args.argc; x++) {