[open-ils-commits] r12508 - trunk/Open-ILS/src/c-apps (scottmk)

svn at svn.open-ils.org svn at svn.open-ils.org
Fri Mar 13 00:00:36 EDT 2009 

Author: scottmk
Date: 2009-03-13 00:00:33 -0400 (Fri, 13 Mar 2009)
New Revision: 12508

Modified:
   trunk/Open-ILS/src/c-apps/oils_cstore.c
Log:
Tightened the input validation in searchWHERE().  It now complains
about an empty JSON object or empty JSON array, instead of 
constructing a doomed WHERE clause.


Modified: trunk/Open-ILS/src/c-apps/oils_cstore.c
===================================================================
--- trunk/Open-ILS/src/c-apps/oils_cstore.c	2009-03-13 02:32:07 UTC (rev 12507)
+++ trunk/Open-ILS/src/c-apps/oils_cstore.c	2009-03-13 04:00:33 UTC (rev 12508)
@@ -2293,11 +2293,22 @@
 
 	jsonObject* node = NULL;
 
-    int first = 1;
-    if ( search_hash->type == JSON_ARRAY ) {
-	    osrfLogDebug(OSRF_LOG_MARK, "%s: In WHERE clause, condition type is JSON_ARRAY", MODULENAME);
-        jsonIterator* search_itr = jsonNewIterator( search_hash );
-        while ( (node = jsonIteratorNext( search_itr )) ) {
+	int first = 1;
+	if ( search_hash->type == JSON_ARRAY ) {
+		osrfLogDebug(OSRF_LOG_MARK, "%s: In WHERE clause, condition type is JSON_ARRAY", MODULENAME);
+		jsonIterator* search_itr = jsonNewIterator( search_hash );
+		if( !jsonIteratorHasNext( search_itr ) ) {
+			osrfLogError(
+				OSRF_LOG_MARK,
+				"%s: Invalid predicate structure: empty JSON array",
+				MODULENAME
+			);
+			jsonIteratorFree( search_itr );
+			buffer_free( sql_buf );
+			return NULL;
+		}
+
+		while ( (node = jsonIteratorNext( search_itr )) ) {
             if (first) {
                 first = 0;
             } else {
@@ -2311,11 +2322,22 @@
         }
         jsonIteratorFree(search_itr);
 
-    } else if ( search_hash->type == JSON_HASH ) {
-	    osrfLogDebug(OSRF_LOG_MARK, "%s: In WHERE clause, condition type is JSON_HASH", MODULENAME);
-        jsonIterator* search_itr = jsonNewIterator( search_hash );
-        while ( (node = jsonIteratorNext( search_itr )) ) {
+	} else if ( search_hash->type == JSON_HASH ) {
+		osrfLogDebug(OSRF_LOG_MARK, "%s: In WHERE clause, condition type is JSON_HASH", MODULENAME);
+		jsonIterator* search_itr = jsonNewIterator( search_hash );
+		if( !jsonIteratorHasNext( search_itr ) ) {
+			osrfLogError(
+				OSRF_LOG_MARK,
+				"%s: Invalid predicate structure: empty JSON object",
+				MODULENAME
+			);
+			jsonIteratorFree( search_itr );
+			buffer_free( sql_buf );
+			return NULL;
+		}
 
+		while ( (node = jsonIteratorNext( search_itr )) ) {
+
             if (first) {
                 first = 0;
             } else {

More information about the open-ils-commits mailing list