From d429162387ce4fe12e7e35d911680cb1c37f2cd2 Mon Sep 17 00:00:00 2001 From: Jeremy Sowden Date: Tue, 30 Nov 2021 10:55:41 +0000 Subject: output: DBI: fix NUL-termination of escaped SQL string On error, `dbi_conn_quote_string_copy` returns zero. In this case, we need to set `*dst` to NUL. Handle a return-value of `2` as normal below. `1` is never returned. Replace `strncpy` with `memcpy`: using `strncpy` is nearly always a mistake, and we don't need its special behaviour here. Signed-off-by: Jeremy Sowden Signed-off-by: Pablo Neira Ayuso --- output/dbi/ulogd_output_DBI.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'output') diff --git a/output/dbi/ulogd_output_DBI.c b/output/dbi/ulogd_output_DBI.c index fff9abc..57e3058 100644 --- a/output/dbi/ulogd_output_DBI.c +++ b/output/dbi/ulogd_output_DBI.c @@ -236,18 +236,20 @@ static int escape_string_dbi(struct ulogd_pluginstance *upi, } ret = dbi_conn_quote_string_copy(pi->dbh, src, &newstr); - if (ret <= 2) + if (ret == 0) { + *dst = '\0'; return 0; + } /* dbi_conn_quote_string_copy returns a quoted string, * but __interp_db already quotes the string * So we return a string without the quotes */ - strncpy(dst,newstr+1,ret-2); - dst[ret-2] = '\0'; + memcpy(dst, newstr + 1, ret - 2); + dst[ret - 2] = '\0'; free(newstr); - return (ret-2); + return ret - 2; } static int execute_dbi(struct ulogd_pluginstance *upi, -- cgit v1.2.3