[sr-dev] git:5.1:dab49483: ndb_redis: detect argument specifiers for redis_cmd() with three params


Daniel-Constantin Mierla
Module: kamailio
Branch: 5.1
Commit: dab49483e419dd810c7b5133bf64063df0ad6696
URL: https://github.com/kamailio/kamailio/commit/dab49483e419dd810c7b5133bf64063df0ad6696

Author: Daniel-Constantin Mierla <[hidden email]>
Committer: Daniel-Constantin Mierla <[hidden email]>
Date: 2017-12-04T09:26:00+01:00

ndb_redis: detect argument specifiers for redis_cmd() with three params

- check if %s or %d is part of the command, because it makes the redis
api expect more params to the commands and can crash if none is found
- reported by GH #1342

(cherry picked from commit 75bbbe4059cb6fde4c74fa9157f400a24e6f7496)

---

Modified: src/modules/ndb_redis/ndb_redis_mod.c

---

Diff:  https://github.com/kamailio/kamailio/commit/dab49483e419dd810c7b5133bf64063df0ad6696.diff
Patch: https://github.com/kamailio/kamailio/commit/dab49483e419dd810c7b5133bf64063df0ad6696.patch

---

diff --git a/src/modules/ndb_redis/ndb_redis_mod.c b/src/modules/ndb_redis/ndb_redis_mod.c
index 64f2b46897..e984a902bd 100644
--- a/src/modules/ndb_redis/ndb_redis_mod.c
+++ b/src/modules/ndb_redis/ndb_redis_mod.c
@@ -177,6 +177,7 @@ static int w_redis_cmd3(struct sip_msg* msg, char* ssrv, char* scmd,
  char* sres)
 {
  str s[3];
+ int i;
 
  if(fixup_get_svalue(msg, (gparam_t*)ssrv, &s[0])!=0)
  {
@@ -188,6 +189,14 @@ static int w_redis_cmd3(struct sip_msg* msg, char* ssrv, char* scmd,
  LM_ERR("no redis command\n");
  return -1;
  }
+ for(i=0; i<s[1].len-1; i++) {
+ if(s[1].s[i]=='%') {
+ if(s[1].s[i+1]=='s' || s[1].s[i+1]=='b') {
+ LM_ERR("command argument specifier found, but no params\n");
+ return -1;
+ }
+ }
+ }
  if(fixup_get_svalue(msg, (gparam_t*)sres, &s[2])!=0)
  {
  LM_ERR("no redis reply name\n");
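Review bot: the specifier test in the new loop over s[1] matches only 's' and 'b' after '%', while the commit message names %s or %d, so a command containing %d still passes this check. Either add 'd' to the comparison or correct the message to say %b. The scan also rejects a "%%s" sequence: the first '%' is skipped because the next byte is '%', then the second '%' is examined on its own and the following 's' triggers the error. If the format treats "%%" as a literal percent, advance i past the pair when s[1].s[i+1]=='%'.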
@@ -928,6 +937,19 @@ int bind_ndb_redis(ndb_redis_api_t *api)
  */
 static int ki_redis_cmd(sip_msg_t *msg, str *srv, str *rcmd, str *sres)
 {
+ int i;
+ if(rcmd==NULL || rcmd->s==NULL) {
+ LM_ERR("invalid command\n");
+ return -1;
+ }
+ for(i=0; i<rcmd->len-1; i++) {
+ if(rcmd->s[i]=='%') {
+ if(rcmd->s[i+1]=='s' || rcmd->s[i+1]=='b') {
+ LM_ERR("command argument specifier found, but no params\n");
+ return -1;
+ }
+ }
+ }
  return redisc_exec(srv, sres, rcmd);
 }
 
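Review bot: the loop added to ki_redis_cmd() is a copy of the one added to w_redis_cmd3(), differing only in the variable name. Move it into one static helper that takes a str* and returns non-zero when a specifier is found, so the two entry points cannot drift apart when the set of rejected specifiers changes. The new guard also checks rcmd and rcmd->s, but srv and sres go to redisc_exec() unchecked; confirm that the callee validates them or extend the guard to cover all three.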
@@ -1007,4 +1029,4 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
 {
  sr_kemi_modules_add(sr_kemi_ndb_redis_exports);
  return 0;
-}
\ No newline at end of file
+}


_______________________________________________
Kamailio (SER) - Development Mailing List
[hidden email]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev