[open-ils-commits] [GIT] Evergreen ILS branch master updated. 853426f500b57ee6467f6c8225beb5c77f5b963c

Evergreen Git git at git.evergreen-ils.org
Wed Jan 16 15:01:31 EST 2013 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, master has been updated
       via  853426f500b57ee6467f6c8225beb5c77f5b963c (commit)
       via  95533a4516fe3d9de56b7e6fa8ca798f06e26b03 (commit)
       via  8d51da5033f82c668db6b07f1cbec8269e4cd2bc (commit)
       via  ce9d5391b7b51af91a8827ebff555624bca809e4 (commit)
      from  fb9a80bdf082963df053705a0af0bc7585be9979 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 853426f500b57ee6467f6c8225beb5c77f5b963c
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Tue Jan 15 11:30:41 2013 -0500

    LP#1098377: protect against even more cstore segfaults
    
    Following up on the preceding patch, passing null
    as the savepoint name to savepoint.release and
    savepoint.rollback would also segfault cstore.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Bill Erickson <berick at esilibrary.com>

diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index 18b0f9c..c67362b 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -969,6 +969,12 @@ int releaseSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+
+	if (!spName) {
+		osrfLogWarning(OSRF_LOG_MARK, "savepoint.release called with no name");
+		return -1;
+	}
+
 	char *safeSpName = _sanitize_savepoint_name( spName );
 
 	dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", safeSpName );
@@ -1042,6 +1048,12 @@ int rollbackSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+
+	if (!spName) {
+		osrfLogWarning(OSRF_LOG_MARK, "savepoint.rollback called with no name");
+		return -1;
+	}
+
 	char *safeSpName = _sanitize_savepoint_name( spName );
 
 	dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", safeSpName );

commit 95533a4516fe3d9de56b7e6fa8ca798f06e26b03
Author: Bill Erickson <berick at esilibrary.com>
Date:   Tue Jan 15 10:58:16 2013 -0500

    Verify savepoint name is non-null
    
    Before we attempt to mangle the name, let's ensure that it's non-null.
    Otherwise, segfaults ensue.
    
    Signed-off-by: Bill Erickson <berick at esilibrary.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index d27c272..18b0f9c 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -890,6 +890,12 @@ int setSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+
+	if (!spName) {
+		osrfLogWarning(OSRF_LOG_MARK, "savepoint.set called with no name");
+		return -1;
+	}
+
 	char *safeSpName = _sanitize_savepoint_name( spName );
 
 	dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", safeSpName );

commit 8d51da5033f82c668db6b07f1cbec8269e4cd2bc
Author: Dan Scott <dscott at laurentian.ca>
Date:   Fri Jan 11 01:32:13 2013 -0500

    Protect against overly long savepoint names
    
    Per http://postgresql.org/docs/9.1/static/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS,
    the maximum identifier length works out to being 63 bytes (+1 for the
    null terminator), so to avoid potential memory pressure by a 10GB string
    somehow being passed in as the savepoint name, malloc no more than 64
    bytes and copy no more than 63 bytes from the incoming name to the
    escaped name.
    
    Signed-off-by: Dan Scott <dscott at laurentian.ca>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index 08a390b..d27c272 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -7288,11 +7288,25 @@ int writeAuditInfo( osrfMethodContext* ctx, const char* user_id, const char* ws_
 static char* _sanitize_savepoint_name( const char* sp ) {
 
 	const char* safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345789_";
-	char* safeSpName = safe_malloc( strlen( sp ) + 1);
+
+	// PostgreSQL uses NAMEDATALEN-1 as a max length for identifiers,
+	// and the default value of NAMEDATALEN is 64; that should be long enough
+	// for our purposes, and it's unlikely that anyone is going to recompile
+	// PostgreSQL to have a smaller value, so cap the identifier name
+	// accordingly to avoid the remote chance that someone manages to pass in a
+	// 12GB savepoint name
+	const int MAX_LITERAL_NAMELEN = 63;
+	int len = 0;
+	len = strlen( sp );
+	if (len > MAX_LITERAL_NAMELEN) {
+		len = MAX_LITERAL_NAMELEN;
+	}
+
+	char* safeSpName = safe_malloc( len + 1 );
 	int i = 0;
 	int j;
 	char* found;
-	for (j = 0; j < strlen( sp ); j++) {
+	for (j = 0; j < len; j++) {
 	found = strchr(safe_chars, sp[j]);
 		if (found) {
 			safeSpName[ i++ ] = found[0];

commit ce9d5391b7b51af91a8827ebff555624bca809e4
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Fri Jan 11 02:30:50 2013 -0500

    LP#1098377: sanitize savepoint names
    
    When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
    caller supplies a name for the savepoint.  However, the savepoint
    names could be constructed so that the caller could execute
    arbitrary SQL.  This patch sanitizes the name so that it contains
    only alphanumeric and underscore characters.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Dan Scott <dscott at laurentian.ca>

diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index a0ba678..08a390b 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -145,6 +145,8 @@ static char* modulename = NULL;
 
 int writeAuditInfo( osrfMethodContext* ctx, const char* user_id, const char* ws_id);
 
+static char* _sanitize_savepoint_name( const char* sp );
+
 /**
 	@brief Connect to the database.
 	@return A database connection if successful, or NULL if not.
@@ -888,8 +890,10 @@ int setSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+	char *safeSpName = _sanitize_savepoint_name( spName );
 
-	dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", spName );
+	dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", safeSpName );
+	free( safeSpName );
 	if( !result ) {
 		const char* msg;
 		int errnum = dbi_conn_error( writehandle, &msg );
@@ -959,8 +963,10 @@ int releaseSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+	char *safeSpName = _sanitize_savepoint_name( spName );
 
-	dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", spName );
+	dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", safeSpName );
+	free( safeSpName );
 	if( !result ) {
 		const char* msg;
 		int errnum = dbi_conn_error( writehandle, &msg );
@@ -1030,8 +1036,10 @@ int rollbackSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+	char *safeSpName = _sanitize_savepoint_name( spName );
 
-	dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", spName );
+	dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", safeSpName );
+	free( safeSpName );
 	if( !result ) {
 		const char* msg;
 		int errnum = dbi_conn_error( writehandle, &msg );
@@ -7268,4 +7276,30 @@ int writeAuditInfo( osrfMethodContext* ctx, const char* user_id, const char* ws_
 	return 0;
 }
 
+/**
+	@brief Remove all but safe character from savepoint name
+	@param sp User-supplied savepoint name
+	@return sanitized savepoint name, or NULL
+
+    The caller is expected to free the returned string.  Note that
+    this function exists only because we can't use PQescapeLiteral
+    without either forking libdbi or abandoning it.
+*/
+static char* _sanitize_savepoint_name( const char* sp ) {
+
+	const char* safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345789_";
+	char* safeSpName = safe_malloc( strlen( sp ) + 1);
+	int i = 0;
+	int j;
+	char* found;
+	for (j = 0; j < strlen( sp ); j++) {
+	found = strchr(safe_chars, sp[j]);
+		if (found) {
+			safeSpName[ i++ ] = found[0];
+		}
+	}
+	safeSpName[ i ] = '\0';
+	return safeSpName;
+}
+
 /*@}*/

-----------------------------------------------------------------------

Summary of changes:
 Open-ILS/src/c-apps/oils_sql.c |   72 ++++++++++++++++++++++++++++++++++++++--
 1 files changed, 69 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

More information about the open-ils-commits mailing list