mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-29 02:57:23 +00:00
f66edcb8b0
PQEscapeStringConn() expects the buffer passed in to be an adequitely sized buffer to write out the escaped SQL value string into. It is possible, for large values (such as large values to Dial with a lot of devices) to have more than our 512+1 byte allocation and thus cause libpq to create a buffer overrun. glibc will nicely ABRT asterisk for you, citing a stack smash. Let's only allocate it to be as large as needed: If we have a value, then (strlen(value) * 2) + 1 (as recommended by libpq), and if we have none, just one byte to hold our null will do. ASTERISK-26896 #close Change-Id: If611c734292618ed68dde17816d09dd16667dea2