diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2021-11-30 10:55:41 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-12-06 22:12:55 +0100 |
commit | d429162387ce4fe12e7e35d911680cb1c37f2cd2 (patch) | |
tree | e40665b21aa597cb99dfc2242501dea6b677cc2b /output | |
parent | 0a9fa5603a435afed955f5458a17331b7f2f18ca (diff) |
output: DBI: fix NUL-termination of escaped SQL string
On error, `dbi_conn_quote_string_copy` returns zero. In this case, we
need to set `*dst` to NUL. Handle a return-value of `2` as normal
below. `1` is never returned.
Replace `strncpy` with `memcpy`: using `strncpy` is nearly always a
mistake, and we don't need its special behaviour here.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'output')
-rw-r--r-- | output/dbi/ulogd_output_DBI.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/output/dbi/ulogd_output_DBI.c b/output/dbi/ulogd_output_DBI.c index fff9abc..57e3058 100644 --- a/output/dbi/ulogd_output_DBI.c +++ b/output/dbi/ulogd_output_DBI.c @@ -236,18 +236,20 @@ static int escape_string_dbi(struct ulogd_pluginstance *upi, } ret = dbi_conn_quote_string_copy(pi->dbh, src, &newstr); - if (ret <= 2) + if (ret == 0) { + *dst = '\0'; return 0; + } /* dbi_conn_quote_string_copy returns a quoted string, * but __interp_db already quotes the string * So we return a string without the quotes */ - strncpy(dst,newstr+1,ret-2); - dst[ret-2] = '\0'; + memcpy(dst, newstr + 1, ret - 2); + dst[ret - 2] = '\0'; free(newstr); - return (ret-2); + return ret - 2; } static int execute_dbi(struct ulogd_pluginstance *upi, |