[open-ils-commits] [GIT] Evergreen ILS branch rel_2_2 updated. 5b365cb5412a77a9bf38cb82593a72ddc6c070d6

Evergreen Git git at git.evergreen-ils.org
Wed Jan 16 15:02:59 EST 2013 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_2_2 has been updated
       via  5b365cb5412a77a9bf38cb82593a72ddc6c070d6 (commit)
       via  e7692244641bc9d988991f6cb028fd8986030628 (commit)
       via  2ff9dd8e0cad44ed26e46c32b3c291c1ab51dc70 (commit)
       via  067ea0c73cf84bbedf4f6dc4de10a46b479d3b34 (commit)
      from  4bd4977ddd940b295da56b98ce6394010048bc01 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5b365cb5412a77a9bf38cb82593a72ddc6c070d6
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Tue Jan 15 11:30:41 2013 -0500

    LP#1098377: protect against even more cstore segfaults
    
    Following up on the preceding patch, passing null
    as the savepoint name to savepoint.release and
    savepoint.rollback would also segfault cstore.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Bill Erickson <berick at esilibrary.com>

diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index 18b0f9c..c67362b 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -969,6 +969,12 @@ int releaseSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+
+	if (!spName) {
+		osrfLogWarning(OSRF_LOG_MARK, "savepoint.release called with no name");
+		return -1;
+	}
+
 	char *safeSpName = _sanitize_savepoint_name( spName );
 
 	dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", safeSpName );
@@ -1042,6 +1048,12 @@ int rollbackSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+
+	if (!spName) {
+		osrfLogWarning(OSRF_LOG_MARK, "savepoint.rollback called with no name");
+		return -1;
+	}
+
 	char *safeSpName = _sanitize_savepoint_name( spName );
 
 	dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", safeSpName );

commit e7692244641bc9d988991f6cb028fd8986030628
Author: Bill Erickson <berick at esilibrary.com>
Date:   Tue Jan 15 10:58:16 2013 -0500

    Verify savepoint name is non-null
    
    Before we attempt to mangle the name, let's ensure that it's non-null.
    Otherwise, segfaults ensue.
    
    Signed-off-by: Bill Erickson <berick at esilibrary.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index d27c272..18b0f9c 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -890,6 +890,12 @@ int setSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+
+	if (!spName) {
+		osrfLogWarning(OSRF_LOG_MARK, "savepoint.set called with no name");
+		return -1;
+	}
+
 	char *safeSpName = _sanitize_savepoint_name( spName );
 
 	dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", safeSpName );

commit 2ff9dd8e0cad44ed26e46c32b3c291c1ab51dc70
Author: Dan Scott <dscott at laurentian.ca>
Date:   Fri Jan 11 01:32:13 2013 -0500

    Protect against overly long savepoint names
    
    Per http://postgresql.org/docs/9.1/static/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS,
    the maximum identifier length works out to being 63 bytes (+1 for the
    null terminator), so to avoid potential memory pressure by a 10GB string
    somehow being passed in as the savepoint name, malloc no more than 64
    bytes and copy no more than 63 bytes from the incoming name to the
    escaped name.
    
    Signed-off-by: Dan Scott <dscott at laurentian.ca>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index 08a390b..d27c272 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -7288,11 +7288,25 @@ int writeAuditInfo( osrfMethodContext* ctx, const char* user_id, const char* ws_
 static char* _sanitize_savepoint_name( const char* sp ) {
 
 	const char* safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345789_";
-	char* safeSpName = safe_malloc( strlen( sp ) + 1);
+
+	// PostgreSQL uses NAMEDATALEN-1 as a max length for identifiers,
+	// and the default value of NAMEDATALEN is 64; that should be long enough
+	// for our purposes, and it's unlikely that anyone is going to recompile
+	// PostgreSQL to have a smaller value, so cap the identifier name
+	// accordingly to avoid the remote chance that someone manages to pass in a
+	// 12GB savepoint name
+	const int MAX_LITERAL_NAMELEN = 63;
+	int len = 0;
+	len = strlen( sp );
+	if (len > MAX_LITERAL_NAMELEN) {
+		len = MAX_LITERAL_NAMELEN;
+	}
+
+	char* safeSpName = safe_malloc( len + 1 );
 	int i = 0;
 	int j;
 	char* found;
-	for (j = 0; j < strlen( sp ); j++) {
+	for (j = 0; j < len; j++) {
 	found = strchr(safe_chars, sp[j]);
 		if (found) {
 			safeSpName[ i++ ] = found[0];

commit 067ea0c73cf84bbedf4f6dc4de10a46b479d3b34
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Fri Jan 11 02:30:50 2013 -0500

    LP#1098377: sanitize savepoint names
    
    When invoking open-ils.{cstore,pcrud,rstore}.savepoint.*, the
    caller supplies a name for the savepoint.  However, the savepoint
    names could be constructed so that the caller could execute
    arbitrary SQL.  This patch sanitizes the name so that it contains
    only alphanumeric and underscore characters.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Dan Scott <dscott at laurentian.ca>

diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index a0ba678..08a390b 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -145,6 +145,8 @@ static char* modulename = NULL;
 
 int writeAuditInfo( osrfMethodContext* ctx, const char* user_id, const char* ws_id);
 
+static char* _sanitize_savepoint_name( const char* sp );
+
 /**
 	@brief Connect to the database.
 	@return A database connection if successful, or NULL if not.
@@ -888,8 +890,10 @@ int setSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+	char *safeSpName = _sanitize_savepoint_name( spName );
 
-	dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", spName );
+	dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", safeSpName );
+	free( safeSpName );
 	if( !result ) {
 		const char* msg;
 		int errnum = dbi_conn_error( writehandle, &msg );
@@ -959,8 +963,10 @@ int releaseSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+	char *safeSpName = _sanitize_savepoint_name( spName );
 
-	dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", spName );
+	dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", safeSpName );
+	free( safeSpName );
 	if( !result ) {
 		const char* msg;
 		int errnum = dbi_conn_error( writehandle, &msg );
@@ -1030,8 +1036,10 @@ int rollbackSavepoint( osrfMethodContext* ctx ) {
 
 	// Get the savepoint name from the method params
 	const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
+	char *safeSpName = _sanitize_savepoint_name( spName );
 
-	dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", spName );
+	dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", safeSpName );
+	free( safeSpName );
 	if( !result ) {
 		const char* msg;
 		int errnum = dbi_conn_error( writehandle, &msg );
@@ -7268,4 +7276,30 @@ int writeAuditInfo( osrfMethodContext* ctx, const char* user_id, const char* ws_
 	return 0;
 }
 
+/**
+	@brief Remove all but safe character from savepoint name
+	@param sp User-supplied savepoint name
+	@return sanitized savepoint name, or NULL
+
+    The caller is expected to free the returned string.  Note that
+    this function exists only because we can't use PQescapeLiteral
+    without either forking libdbi or abandoning it.
+*/
+static char* _sanitize_savepoint_name( const char* sp ) {
+
+	const char* safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345789_";
+	char* safeSpName = safe_malloc( strlen( sp ) + 1);
+	int i = 0;
+	int j;
+	char* found;
+	for (j = 0; j < strlen( sp ); j++) {
+	found = strchr(safe_chars, sp[j]);
+		if (found) {
+			safeSpName[ i++ ] = found[0];
+		}
+	}
+	safeSpName[ i ] = '\0';
+	return safeSpName;
+}
+
 /*@}*/

-----------------------------------------------------------------------

Summary of changes:
 Open-ILS/src/c-apps/oils_sql.c |   72 ++++++++++++++++++++++++++++++++++++++--
 1 files changed, 69 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

More information about the open-ils-commits mailing list