kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-21 09:10:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ensure that all parts of SQL UPDATEs and DELETEs are encoded.

Browse Source 
Patches:
	res_config_odbc.patch by John Hardin (License #6512)
........

Merged revisions 413304 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@413305 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Mark Michelson
2014-05-06 17:01:30 +00:00
parent b57c1dd870
commit 01731d5566
1 changed files with 31 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
res/res_config_odbc.c
View File

@@ -59,6 +59,26 @@ struct custom_prepare_struct {
unsigned long long skip; unsigned long long skip;
}; };
#define ENCODE_CHUNK(buffer, s) \
do { \
char *eptr = buffer; \
const char *vptr = s; \
for (; *vptr && eptr < buffer + sizeof(buffer); vptr++) { \
if (strchr("^;", *vptr)) { \
/* We use ^XX, instead of %XX because '%' is a special character in SQL */ \
snprintf(eptr, buffer + sizeof(buffer) - eptr, "^%02hhX", *vptr); \
eptr += 3; \
} else { \
*eptr++ = *vptr; \
} \
} \
if (eptr < buffer + sizeof(buffer)) { \
*eptr = '\0'; \
} else { \
buffer[sizeof(buffer) - 1] = '\0'; \
} \
} while(0)
static void decode_chunk(char *chunk) static void decode_chunk(char *chunk)
{ {
for (; *chunk; chunk++) { for (; *chunk; chunk++) {
@@ -108,22 +128,7 @@ static SQLHSTMT custom_prepare(struct odbc_obj *obj, void *data)
} }
ast_debug(1, "Parameter %d ('%s') = '%s'\n", x, newparam, newval); ast_debug(1, "Parameter %d ('%s') = '%s'\n", x, newparam, newval);
if (strchr(newval, ';') || strchr(newval, '^')) { if (strchr(newval, ';') || strchr(newval, '^')) {
char *eptr = encodebuf; ENCODE_CHUNK(encodebuf, newval);
const char *vptr = newval;
for (; *vptr && eptr < encodebuf + sizeof(encodebuf); vptr++) {
if (strchr("^;", *vptr)) {
/* We use ^XX, instead of %XX because '%' is a special character in SQL */
snprintf(eptr, encodebuf + sizeof(encodebuf) - eptr, "^%02hhX", *vptr);
eptr += 3;
} else {
*eptr++ = *vptr;
}
}
if (eptr < encodebuf + sizeof(encodebuf)) {
*eptr = '\0';
} else {
encodebuf[sizeof(encodebuf) - 1] = '\0';
}
ast_string_field_set(cps, encoding[x], encodebuf); ast_string_field_set(cps, encoding[x], encodebuf);
newval = cps->encoding[x]; newval = cps->encoding[x];
} }
@@ -131,8 +136,16 @@ static SQLHSTMT custom_prepare(struct odbc_obj *obj, void *data)
} }
va_end(ap); va_end(ap);
if (!ast_strlen_zero(cps->extra)) if (!ast_strlen_zero(cps->extra)) {
if (strchr(cps->extra, ';') || strchr(cps->extra, '^')) {
ENCODE_CHUNK(encodebuf, cps->extra);
SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(encodebuf), 0, (void *)encodebuf, 0, NULL);
}
else {
SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(cps->extra), 0, (void *)cps->extra, 0, NULL); SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(cps->extra), 0, (void *)cps->extra, 0, NULL);
}
}
return stmt; return stmt;
} }