Skip to content
Snippets Groups Projects
Commit f66edcb8 authored by Josh Roberson's avatar Josh Roberson Committed by twisted
Browse files

cel_pgsql.c: Fix buffer overflow calling libpq 

PQEscapeStringConn() expects the buffer passed in to be an
adequitely sized buffer to write out the escaped SQL value string
into.  It is possible, for large values (such as large values to
Dial with a lot of devices) to have more than our 512+1 byte
allocation and thus cause libpq to create a buffer overrun.

glibc will nicely ABRT asterisk for you, citing a stack smash.

Let's only allocate it to be as large as needed:
If we have a value, then (strlen(value) * 2) + 1 (as recommended
by libpq), and if we have none, just one byte to hold our null
will do.

ASTERISK-26896 #close

Change-Id: If611c734292618ed68dde17816d09dd16667dea2
parent f43cfb81
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 22 additions and 2 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment