Module: kamailio Branch: master Commit: 20febb28402a2e1ef3c23fda6db0825ae64affc6 URL: https://github.com/kamailio/kamailio/commit/20febb28402a2e1ef3c23fda6db0825ae64affc6
Author: Ovidiu Sas <[email protected]> Committer: Ovidiu Sas <[email protected]> Date: 2019-04-30T14:21:38-04:00 db_text: avoid buffer overflow for large names and/or values in db_text files --- Modified: src/modules/db_text/dbt_file.c --- Diff: https://github.com/kamailio/kamailio/commit/20febb28402a2e1ef3c23fda6db0825ae64affc6.diff Patch: https://github.com/kamailio/kamailio/commit/20febb28402a2e1ef3c23fda6db0825ae64affc6.patch --- diff --git a/src/modules/db_text/dbt_file.c b/src/modules/db_text/dbt_file.c index a2d35c2406..8b88ed8074 100644 --- a/src/modules/db_text/dbt_file.c +++ b/src/modules/db_text/dbt_file.c @@ -124,7 +124,7 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn) return NULL; } - buf = pkg_malloc(_db_text_read_buffer_size); + buf = pkg_malloc(_db_text_read_buffer_size+1); if(!buf) { LM_ERR("error allocating read buffer, %i\n", _db_text_read_buffer_size); goto done; @@ -173,6 +173,12 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn) if(c==EOF) goto clean; buf[bp++] = c; + if (bp==_db_text_read_buffer_size) { + LM_ERR("Buffer overflow for file [%s] row=[%d] col=[%d] c=[%c]." + " Please increase 'file_buffer_size' param!\n", + path, crow+1, ccol+1, c); + goto clean; + } c = fgetc(fin); } colp = dbt_column_new(buf, bp); @@ -453,6 +459,12 @@ dbt_table_p dbt_load_file(const str *tbn, const str *dbn) } } buf[bp++] = c; + if (bp==_db_text_read_buffer_size) { + LM_ERR("Buffer overflow for file [%s] row=[%d] col=[%d] c=[%c]." + " Please increase 'file_buffer_size' param!\n", + path, crow+1, ccol+1, c); + goto clean; + } c = fgetc(fin); } dtval.val.str_val.s = buf; _______________________________________________ Kamailio (SER) - Development Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
