
[CRASH] sql_cacher crashes on empty columns while using db_text #2658

Closed
ovidiusas opened this issue Oct 19, 2021 · 2 comments
ovidiusas (Member) commented Oct 19, 2021

OpenSIPS version you are running

opensips 3.2

Describe the traffic that generated the bug
The crash happens on start or while accessing a null value.

The issue is related to strlen (strlen doesn't check for NULL pointers).
The following patch fixes the issue, not sure if the fix should be applied here or while reading the values from the db.
For DB_STRING we should have a valid pointer to an empty string (not just a NULL pointer).

--- a/modules/sql_cacher/sql_cacher.c
+++ b/modules/sql_cacher/sql_cacher.c
@@ -510,7 +510,8 @@ static unsigned int get_cdb_val_size(cache_entry_t *c_entry, db_val_t *values, i
                val_type = VAL_TYPE(values + i);
                switch (val_type) {
                        case DB_STRING:
-                               len += strlen(VAL_STRING(values + i));
+                               if (values[i].val.string_val != NULL)
+                                       len += strlen(VAL_STRING(values + i));
                                break;
                        case DB_STR:
                                len += VAL_STR(values + i).len;
@@ -590,7 +591,10 @@ static int insert_in_cachedb(cache_entry_t *c_entry, db_handlers_t *db_hdls,
                switch (val_type) {
                        case DB_STRING:
                                str_val.s = (char *)VAL_STRING(values + i);
-                               str_val.len = strlen(str_val.s);
+                               if (str_val.s != NULL)
+                                       str_val.len = strlen(str_val.s);
+                               else
+                                       str_val.len = 0;
                                break;
                        case DB_STR:
                                str_val = VAL_STR(values + i);
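Review bot: this hunk repeats the NULL check from the get_cdb_val_size hunk, and the two must stay in lockstep or the buffer sized there will not match what is written here; a shared helper, or checking the result's null flag (as the fix commit on this thread later describes) instead of the pointer, would keep them from drifting. Note also that `str_val.s` stays NULL when `str_val.len` is set to 0, so any later consumer that dereferences `str_val.s` rather than checking `str_val.len` needs the same care.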

It seems that rate_cacher might be affected by this issue too (strlen is invoked in a similar way).
Again, this is specific to db_text, which returns empty string values as NULL pointers instead of valid pointers to an empty "\0" string.
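As an added illustration, not OpenSIPS code or the patch above, here is a stand-alone C model of the two fixes the report discusses: a consumer-side guard like the patched get_cdb_val_size(), and the driver-side normalisation that hands callers a valid pointer to an empty string. db_val_t, DB_STRING, DB_STR, nul, string_val and str_val are re-declared here as simplified look-alikes of the OpenSIPS types, and the sample row is constructed.

```c
#include <stddef.h>
#include <string.h>
typedef enum { DB_STRING, DB_STR } db_type_t;
typedef struct { const char *s; int len; } str;
typedef struct {
    db_type_t type;
    int nul;   /* set by the driver when the column is SQL NULL */
    union { const char *string_val; str str_val; } val;
} db_val_t;

/* Consumer side (the patch's approach): check null flag and pointer before strlen(). */
size_t row_string_size(const db_val_t *values, int n)
{
    size_t len = 0;
    for (int i = 0; i < n; i++) {
        if (values[i].nul) continue;          /* NULL column: nothing to copy */
        switch (values[i].type) {
        case DB_STRING:   /* db_text may hand back NULL for an empty column */
            if (values[i].val.string_val != NULL)
                len += strlen(values[i].val.string_val);
            break;
        case DB_STR:
            len += values[i].val.str_val.len;
            break;
        }
    }
    return len;
}

/* Driver side (reporter's alternative): NULL DB_STRING -> "" with the null flag set,
 * so a caller that forgets the guard above still cannot crash. Returns 1 if rewritten. */
int normalise_db_string(db_val_t *v)
{
    if (v->type != DB_STRING || v->val.string_val != NULL)
        return 0;
    v->val.string_val = "";
    v->nul = 1;
    return 1;
}

/* Constructed sample row: "abc", a NULL string, DB_STR "hello" (8 bytes either way). */
size_t sample_row_size(int normalise)
{
    db_val_t row[3] = {
        { DB_STRING, 0, { .string_val = "abc" } },
        { DB_STRING, 0, { .string_val = NULL } },
        { DB_STR, 0, { .str_val = { "hello", 5 } } },
    };
    if (normalise) for (int i = 0; i < 3; i++) normalise_db_string(&row[i]);
    return row_string_size(row, 3);
}
```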

@ovidiusas ovidiusas added the bug label Oct 19, 2021
github-actions bot commented Nov 3, 2021

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

@github-actions github-actions bot added the stale label Nov 3, 2021
ovidiusas (Member, Author) commented

ping

@stale stale bot removed the stale label Nov 25, 2021
@rvlad-patrascu rvlad-patrascu self-assigned this Nov 25, 2021
rvlad-patrascu added a commit that referenced this issue Dec 2, 2021
This prevents crashes in modules which do not check the null flag
in the db result before using the string value (eg. doing strlen()).

Fixes #2658

(cherry picked from commit ddbec15)
rvlad-patrascu added a commit that referenced this issue Dec 2, 2021
This prevents crashes in modules which do not check the null flag
in the db result before using the string value (eg. doing strlen()).

Fixes #2658

(cherry picked from commit ddbec15)