[open-ils-commits] [GIT] Evergreen ILS branch rel_2_3 updated. 1419b2ae9fa6a6a9e24e98a55d791406c3a882a1
Evergreen Git
git at git.evergreen-ils.org
Wed Jan 16 15:02:13 EST 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".
The branch, rel_2_3 has been updated
via 1419b2ae9fa6a6a9e24e98a55d791406c3a882a1 (commit)
via 850d1054e3c0753dc232f3783a92070114f4ff78 (commit)
via a17f4a5e3961b049adcb8a556e3fcc9d770ed99f (commit)
via 955468b71d3cee9c97b27a8ddc90c1a2151aaac8 (commit)
from 098477e17693160743382d069adfc5bda73bf549 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1419b2ae9fa6a6a9e24e98a55d791406c3a882a1
Author: Galen Charlton <gmc at esilibrary.com>
Date: Tue Jan 15 11:30:41 2013 -0500
LP#1098377: protect against even more cstore segfaults
Following up on the preceding patch, passing null
as the savepoint name to savepoint.release and
savepoint.rollback would also segfault cstore.
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
Signed-off-by: Bill Erickson <berick at esilibrary.com>
diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index 87a66f9..fb19c72 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -969,6 +969,12 @@ int releaseSavepoint( osrfMethodContext* ctx ) {
// Get the savepoint name from the method params
const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+
+ if (!spName) {
+ osrfLogWarning(OSRF_LOG_MARK, "savepoint.release called with no name");
+ return -1;
+ }
+
char *safeSpName = _sanitize_savepoint_name( spName );
dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", safeSpName );
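Review bot: the `if (!spName)` guard in releaseSavepoint rejects only a NULL name; an empty string, or a name made up entirely of characters the sanitizer strips, still reaches `dbi_conn_queryf` as `RELEASE SAVEPOINT "";`. Consider also testing `safeSpName[0] == '\0'` after the sanitize call and returning the same error, so the bad name is caught here instead of being left to the database.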
@@ -1042,6 +1048,12 @@ int rollbackSavepoint( osrfMethodContext* ctx ) {
// Get the savepoint name from the method params
const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+
+ if (!spName) {
+ osrfLogWarning(OSRF_LOG_MARK, "savepoint.rollback called with no name");
+ return -1;
+ }
+
char *safeSpName = _sanitize_savepoint_name( spName );
dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", safeSpName );
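Review bot: this `if (!spName)` block in rollbackSavepoint is the third copy of the same guard, after setSavepoint and releaseSavepoint. The doc comment on `_sanitize_savepoint_name` already says it returns "sanitized savepoint name, or NULL", so the NULL test could move into the helper, with each caller checking the return value once. That keeps a later caller from forgetting the check.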
commit 850d1054e3c0753dc232f3783a92070114f4ff78
Author: Bill Erickson <berick at esilibrary.com>
Date: Tue Jan 15 10:58:16 2013 -0500
Verify savepoint name is non-null
Before we attempt to mangle the name, let's ensure that it's non-null.
Otherwise, segfaults ensue.
Signed-off-by: Bill Erickson <berick at esilibrary.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index 18a31ab..87a66f9 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -890,6 +890,12 @@ int setSavepoint( osrfMethodContext* ctx ) {
// Get the savepoint name from the method params
const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+
+ if (!spName) {
+ osrfLogWarning(OSRF_LOG_MARK, "savepoint.set called with no name");
+ return -1;
+ }
+
char *safeSpName = _sanitize_savepoint_name( spName );
dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", safeSpName );
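Review bot: the early `return -1` in setSavepoint only writes a log warning; nothing in the added lines tells the calling client why the request failed. If the other failure paths in this function send a status back on the session, this path should do the same before returning.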
commit a17f4a5e3961b049adcb8a556e3fcc9d770ed99f
Author: Dan Scott <dscott at laurentian.ca>
Date: Fri Jan 11 01:32:13 2013 -0500
Protect against overly long savepoint names
Per http://postgresql.org/docs/9.1/static/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS,
the maximum identifier length works out to being 63 bytes (+1 for the
null terminator), so to avoid potential memory pressure by a 10GB string
somehow being passed in as the savepoint name, malloc no more than 64
bytes and copy no more than 63 bytes from the incoming name to the
escaped name.
Signed-off-by: Dan Scott <dscott at laurentian.ca>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index a1abc6d..18a31ab 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -7280,11 +7280,25 @@ int writeAuditInfo( osrfMethodContext* ctx, const char* user_id, const char* ws_
static char* _sanitize_savepoint_name( const char* sp ) {
const char* safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345789_";
- char* safeSpName = safe_malloc( strlen( sp ) + 1);
+
+ // PostgreSQL uses NAMEDATALEN-1 as a max length for identifiers,
+ // and the default value of NAMEDATALEN is 64; that should be long enough
+ // for our purposes, and it's unlikely that anyone is going to recompile
+ // PostgreSQL to have a smaller value, so cap the identifier name
+ // accordingly to avoid the remote chance that someone manages to pass in a
+ // 12GB savepoint name
+ const int MAX_LITERAL_NAMELEN = 63;
+ int len = 0;
+ len = strlen( sp );
+ if (len > MAX_LITERAL_NAMELEN) {
+ len = MAX_LITERAL_NAMELEN;
+ }
+
+ char* safeSpName = safe_malloc( len + 1 );
int i = 0;
int j;
char* found;
- for (j = 0; j < strlen( sp ); j++) {
+ for (j = 0; j < len; j++) {
found = strchr(safe_chars, sp[j]);
if (found) {
safeSpName[ i++ ] = found[0];
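Review bot: `int len = 0; len = strlen( sp );` stores a size_t in an int, so for the multi-gigabyte name the comment is guarding against, the value can wrap negative, pass `if (len > MAX_LITERAL_NAMELEN)` untouched, and reach `safe_malloc( len + 1 )` with a bogus size. Declare `len` and `j` as size_t, or use `strnlen( sp, MAX_LITERAL_NAMELEN )`, which also avoids walking the whole input just to discard most of it.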
commit 955468b71d3cee9c97b27a8ddc90c1a2151aaac8
Author: Galen Charlton <gmc at esilibrary.com>
Date: Fri Jan 11 02:30:50 2013 -0500
LP#1098377: sanitize savepoint names
When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
caller supplies a name for the savepoint. However, the savepoint
names could be constructed so that the caller could execute
arbitrary SQL. This patch sanitizes the name so that it contains
only alphanumeric and underscore characters.
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
Signed-off-by: Dan Scott <dscott at laurentian.ca>
diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index a2a1d26..a1abc6d 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -145,6 +145,8 @@ static char* modulename = NULL;
int writeAuditInfo( osrfMethodContext* ctx, const char* user_id, const char* ws_id);
+static char* _sanitize_savepoint_name( const char* sp );
+
/**
@brief Connect to the database.
@return A database connection if successful, or NULL if not.
@@ -888,8 +890,10 @@ int setSavepoint( osrfMethodContext* ctx ) {
// Get the savepoint name from the method params
const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+ char *safeSpName = _sanitize_savepoint_name( spName );
- dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", spName );
+ dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", safeSpName );
+ free( safeSpName );
if( !result ) {
const char* msg;
int errnum = dbi_conn_error( writehandle, &msg );
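Review bot: in setSavepoint, `spName` goes straight from `jsonObjectGetString(...)` into `_sanitize_savepoint_name( spName )`, and the helper calls `strlen( sp )` with no NULL test, so a request that omits the name parameter dereferences NULL. Add an `if (!spName)` error return before the sanitize call; the release and rollback hunks below need the same guard.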
@@ -959,8 +963,10 @@ int releaseSavepoint( osrfMethodContext* ctx ) {
// Get the savepoint name from the method params
const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+ char *safeSpName = _sanitize_savepoint_name( spName );
- dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", spName );
+ dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", safeSpName );
+ free( safeSpName );
if( !result ) {
const char* msg;
int errnum = dbi_conn_error( writehandle, &msg );
@@ -1030,8 +1036,10 @@ int rollbackSavepoint( osrfMethodContext* ctx ) {
// Get the savepoint name from the method params
const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+ char *safeSpName = _sanitize_savepoint_name( spName );
- dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", spName );
+ dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", safeSpName );
+ free( safeSpName );
if( !result ) {
const char* msg;
int errnum = dbi_conn_error( writehandle, &msg );
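Review bot: in rollbackSavepoint the sanitized name silently replaces the one the caller sent, so two names that differ only in stripped characters refer to the same savepoint and `ROLLBACK TO SAVEPOINT` can rewind to a different point than the caller asked for. Returning an error, or at least logging a warning, when `safeSpName` differs from `spName` would be safer than rewriting the name without notice.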
@@ -7260,4 +7268,30 @@ int writeAuditInfo( osrfMethodContext* ctx, const char* user_id, const char* ws_
return 0;
}
+/**
+ @brief Remove all but safe character from savepoint name
+ @param sp User-supplied savepoint name
+ @return sanitized savepoint name, or NULL
+
+ The caller is expected to free the returned string. Note that
+ this function exists only because we can't use PQescapeLiteral
+ without either forking libdbi or abandoning it.
+*/
+static char* _sanitize_savepoint_name( const char* sp ) {
+
+ const char* safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345789_";
+ char* safeSpName = safe_malloc( strlen( sp ) + 1);
+ int i = 0;
+ int j;
+ char* found;
+ for (j = 0; j < strlen( sp ); j++) {
+ found = strchr(safe_chars, sp[j]);
+ if (found) {
+ safeSpName[ i++ ] = found[0];
+ }
+ }
+ safeSpName[ i ] = '\0';
+ return safeSpName;
+}
+
/*@}*/
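Review bot: the allowlist in `safe_chars` ends in `012345789_` and is missing the digit 6, so a name such as sp_16 is stored as sp_1; add the 6. Two smaller points in the same function: the doc comment promises "or NULL" but no path returns NULL, and `strlen( sp )` in the loop condition is evaluated on every iteration, so hoist it into a local.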
-----------------------------------------------------------------------
Summary of changes:
Open-ILS/src/c-apps/oils_sql.c | 72 ++++++++++++++++++++++++++++++++++++++--
1 files changed, 69 insertions(+), 3 deletions(-)
hooks/post-receive
--
Evergreen ILS