[open-ils-commits] r12632 - trunk/Open-ILS/src/c-apps (scottmk)

svn at svn.open-ils.org svn at svn.open-ils.org
Fri Mar 20 14:55:52 EDT 2009


Author: scottmk
Date: 2009-03-20 14:55:48 -0400 (Fri, 20 Mar 2009)
New Revision: 12632

Modified:
   trunk/Open-ILS/src/c-apps/oils_cstore.c
Log:
In oils_cstore.c: further tightening input validation.

1. In searchValueTransform(): make sure that the JSON_ARRAY
received as a parameter is not empty.

2. In searchFunctionPredicate(): make sure that the operator
received as a parameter is acceptable, i.e. it isn't an
opportunity for SQL injection.  Also: changed a parameter name
"node_key" to the more descriptive "op".


Modified: trunk/Open-ILS/src/c-apps/oils_cstore.c
===================================================================
--- trunk/Open-ILS/src/c-apps/oils_cstore.c	2009-03-20 18:53:41 UTC (rev 12631)
+++ trunk/Open-ILS/src/c-apps/oils_cstore.c	2009-03-20 18:55:48 UTC (rev 12632)
@@ -1749,16 +1749,18 @@
 // Receive a JSON_ARRAY representing a function call.  The first
 // entry in the array is the function name.  The rest are parameters.
 static char* searchValueTransform( const jsonObject* array ) {
+	
+	if( array->size < 1 ) {
+		osrfLogError(OSRF_LOG_MARK, "%s: Empty array for value transform", MODULENAME);
+		return NULL;
+	}
+	
 	growing_buffer* sql_buf = buffer_init(32);
 
-	jsonObject* func_item;
-	
 	// Get the function name
-	if( array->size > 0 ) {
-		func_item = jsonObjectGetIndex( array, 0 );
-		OSRF_BUFFER_ADD( sql_buf, jsonObjectGetString( func_item ) );
-		OSRF_BUFFER_ADD( sql_buf, "( " );
-	}
+	jsonObject* func_item = jsonObjectGetIndex( array, 0 );
+	OSRF_BUFFER_ADD( sql_buf, jsonObjectGetString( func_item ) );
+	OSRF_BUFFER_ADD( sql_buf, "( " );
 	
 	// Get the parameters
 	int func_item_index = 1;   // We already grabbed the zeroth entry
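Review bot: The function name taken from the first array element is still appended to the SQL text unchecked at `OSRF_BUFFER_ADD( sql_buf, jsonObjectGetString( func_item ) );`, so a presumably caller-supplied name reaches the query the same way the operator did before this revision. It should be checked for NULL (the element may not be a string) and validated as a plain SQL identifier, and that check belongs before `buffer_init(32)` so the early return does not leak the buffer. The new guard also reads `array->size` without confirming the argument is a non-NULL array; `if( !array || array->type != JSON_ARRAY || array->size < 1 )` would cover that. The rest of searchValueTransform, including the parameter loop, lies outside this hunk.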
@@ -1791,8 +1793,13 @@
 }
 
 static char* searchFunctionPredicate (const char* class, osrfHash* field,
-		const jsonObject* node, const char* node_key) {
+		const jsonObject* node, const char* op) {
 
+	if( ! is_good_operator( op ) ) {
+		osrfLogError( OSRF_LOG_MARK, "%s: Invalid operator [%s]", MODULENAME, op );
+		return NULL;
+	}
+	
 	char* val = searchValueTransform(node);
 	if( !val )
 		return NULL;
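Review bot: The new `osrfLogError` call prints the rejected `op` verbatim, and a value that has just failed validation is untrusted, so it can carry line breaks or very long text into the log. Bounding it in the format, e.g. `"%s: Invalid operator [%.32s]"` (32 is an arbitrary example), limits that, and escaping control characters would be better still. Whether `is_good_operator` tolerates a NULL `op` is not visible here; if it simply returns false, the log call then passes NULL to `%s`, so a separate `if( !op )` branch with its own message would be safer. The function body continues beyond this hunk.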
@@ -1803,7 +1810,7 @@
 		"\"%s\".%s %s %s",
 		class,
 		osrfHashGet(field, "name"),
-		node_key,
+		op,
 		val
 	);
 


