[Pkg-voip-commits] r4905 - in /asterisk/branches/etch/debian: changelog patches/00list patches/AST-2007-026.dpatch
paravoid at alioth.debian.org
paravoid at alioth.debian.org
Thu Nov 29 22:29:35 UTC 2007
Author: paravoid
Date: Thu Nov 29 22:29:35 2007
New Revision: 4905
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=4905
Log:
* cdr/cdr_pgsql.c: properly escape src and dst to avoid SQL injections
(AST-2007-026).
Added:
asterisk/branches/etch/debian/patches/AST-2007-026.dpatch
Modified:
asterisk/branches/etch/debian/changelog
asterisk/branches/etch/debian/patches/00list
Modified: asterisk/branches/etch/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/changelog?rev=4905&op=diff
==============================================================================
--- asterisk/branches/etch/debian/changelog (original)
+++ asterisk/branches/etch/debian/changelog Thu Nov 29 22:29:35 2007
@@ -1,3 +1,10 @@
+asterisk (1:1.2.13~dfsg-2etch2) stable-security; urgency=low
+
+ * cdr/cdr_pgsql.c: properly escape src and dst to avoid SQL injections
+ (AST-2007-026).
+
+ -- Faidon Liambotis <paravoid at debian.org> Fri, 30 Nov 2007 00:28:55 +0200
+
asterisk (1:1.2.13~dfsg-2etch1) stable-security; urgency=high
* Add myself to Uploaders to mark this as a maintainer upload.
Modified: asterisk/branches/etch/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/00list?rev=4905&op=diff
==============================================================================
--- asterisk/branches/etch/debian/patches/00list (original)
+++ asterisk/branches/etch/debian/patches/00list Thu Nov 29 22:29:35 2007
@@ -7,6 +7,7 @@
CVE-2007-2488.dpatch
ASA-2007-015.dpatch
ASA-2007-016.dpatch
+AST-2007-026.dpatch
# ukcid probably conflicts with bristuff
ukcid
option_detach
Added: asterisk/branches/etch/debian/patches/AST-2007-026.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/AST-2007-026.dpatch?rev=4905&op=file
==============================================================================
--- asterisk/branches/etch/debian/patches/AST-2007-026.dpatch (added)
+++ asterisk/branches/etch/debian/patches/AST-2007-026.dpatch Thu Nov 29 22:29:35 2007
@@ -1,0 +1,72 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## AST-2007-026.dpatch by Faidon Liambotis <paravoid at debian.org>
+##
+## DP: cdr_pgsql: properly escape src and dst, avoiding SQL injections
+## DP: upstream's r90170
+## DP: Security fix, AST-2007-026
+
+ at DPATCH@
+Index: cdr/cdr_pgsql.c
+===================================================================
+--- cdr/cdr_pgsql.c (revision 90169)
++++ cdr/cdr_pgsql.c (revision 90170)
+@@ -72,6 +72,7 @@
+ struct tm tm;
+ char sqlcmd[2048] = "", timestr[128];
+ char *pgerror;
++ int pgerr;
+
+ ast_mutex_lock(&pgsql_lock);
+
+@@ -91,28 +92,32 @@
+
+ if (connected) {
+ char *clid=NULL, *dcontext=NULL, *channel=NULL, *dstchannel=NULL, *lastapp=NULL, *lastdata=NULL;
+- char *uniqueid=NULL, *userfield=NULL;
++ char *uniqueid=NULL, *userfield=NULL, *src=NULL, *dst=NULL;
+
+ /* Maximum space needed would be if all characters needed to be escaped, plus a trailing NULL */
+ if ((clid = alloca(strlen(cdr->clid) * 2 + 1)) != NULL)
+- PQescapeString(clid, cdr->clid, strlen(cdr->clid));
++ PQescapeStringConn(conn, clid, cdr->clid, strlen(cdr->clid), &pgerr);
+ if ((dcontext = alloca(strlen(cdr->dcontext) * 2 + 1)) != NULL)
+- PQescapeString(dcontext, cdr->dcontext, strlen(cdr->dcontext));
++ PQescapeStringConn(conn, dcontext, cdr->dcontext, strlen(cdr->dcontext), &pgerr);
+ if ((channel = alloca(strlen(cdr->channel) * 2 + 1)) != NULL)
+- PQescapeString(channel, cdr->channel, strlen(cdr->channel));
++ PQescapeStringConn(conn, channel, cdr->channel, strlen(cdr->channel), &pgerr);
+ if ((dstchannel = alloca(strlen(cdr->dstchannel) * 2 + 1)) != NULL)
+- PQescapeString(dstchannel, cdr->dstchannel, strlen(cdr->dstchannel));
++ PQescapeStringConn(conn, dstchannel, cdr->dstchannel, strlen(cdr->dstchannel), &pgerr);
+ if ((lastapp = alloca(strlen(cdr->lastapp) * 2 + 1)) != NULL)
+- PQescapeString(lastapp, cdr->lastapp, strlen(cdr->lastapp));
++ PQescapeStringConn(conn, lastapp, cdr->lastapp, strlen(cdr->lastapp), &pgerr);
+ if ((lastdata = alloca(strlen(cdr->lastdata) * 2 + 1)) != NULL)
+- PQescapeString(lastdata, cdr->lastdata, strlen(cdr->lastdata));
++ PQescapeStringConn(conn, lastdata, cdr->lastdata, strlen(cdr->lastdata), &pgerr);
+ if ((uniqueid = alloca(strlen(cdr->uniqueid) * 2 + 1)) != NULL)
+- PQescapeString(uniqueid, cdr->uniqueid, strlen(cdr->uniqueid));
++ PQescapeStringConn(conn, uniqueid, cdr->uniqueid, strlen(cdr->uniqueid), &pgerr);
+ if ((userfield = alloca(strlen(cdr->userfield) * 2 + 1)) != NULL)
+- PQescapeString(userfield, cdr->userfield, strlen(cdr->userfield));
++ PQescapeStringConn(conn, userfield, cdr->userfield, strlen(cdr->userfield), &pgerr);
++ if ((src = alloca(strlen(cdr->src) * 2 + 1)) != NULL)
++ PQescapeStringConn(conn, src, cdr->src, strlen(cdr->src), &pgerr);
++ if ((dst = alloca(strlen(cdr->dst) * 2 + 1)) != NULL)
++ PQescapeStringConn(conn, dst, cdr->dst, strlen(cdr->dst), &pgerr);
+
+ /* Check for all alloca failures above at once */
+- if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!uniqueid) || (!userfield)) {
++ if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!uniqueid) || (!userfield) || (!src) || (!dst)) {
+ ast_log(LOG_ERROR, "cdr_pgsql: Out of memory error (insert fails)\n");
+ ast_mutex_unlock(&pgsql_lock);
+ return -1;
+@@ -123,7 +128,7 @@
+ snprintf(sqlcmd,sizeof(sqlcmd),"INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,"
+ "lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield) VALUES"
+ " ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%ld,%ld,'%s',%ld,'%s','%s','%s')",
+- table,timestr,clid,cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata,
++ table, timestr, clid, src, dst, dcontext,channel, dstchannel, lastapp, lastdata,
+ cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode, uniqueid, userfield);
+
+ ast_log(LOG_DEBUG,"cdr_pgsql: SQL command executed: %s\n",sqlcmd);
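Review bot: `pgerr` is written by every `PQescapeStringConn` call in this hunk but never read, so an escaping failure (libpq reports invalid multibyte input through that out-parameter and still emits an output string) goes unnoticed and the malformed INSERT is sent to the server anyway. Because each call overwrites `pgerr`, a single check after the last call would miss earlier failures; OR each result into a sticky flag and bail out before the `snprintf`, as sketched below. `cdr->accountcode` is still interpolated unescaped in the VALUES list (`... cdr->amaflags, cdr->accountcode, uniqueid, userfield`), the same pattern the commit just fixed for src/dst; whether it can ever carry a quote depends on how it is set (dialplan/config, not visible here), but escaping it costs nothing and removes the last raw field. The unchecked `snprintf` into the 2048-byte `sqlcmd` can also truncate now that escaping may double field lengths; `if (ret < 0 || ret >= sizeof(sqlcmd)) { ast_log(LOG_ERROR, "cdr_pgsql: SQL command truncated, insert skipped\n"); ast_mutex_unlock(&pgsql_lock); return -1; }` is a cheap guard. pgsql_log's body starts before and continues after this hunk.

```c
	int pgerr = 0, escfail = 0;	/* escfail: sticky OR of every PQescapeStringConn error */
	/* … unchanged: connection check, alloca of clid … */
		if ((clid = alloca(strlen(cdr->clid) * 2 + 1)) != NULL) {
			PQescapeStringConn(conn, clid, cdr->clid, strlen(cdr->clid), &pgerr);
			escfail |= pgerr;
		}
		/* … same three-line pattern for dcontext, channel, dstchannel, lastapp, lastdata, uniqueid, userfield, src, dst … */
		if ((accountcode = alloca(strlen(cdr->accountcode) * 2 + 1)) != NULL) {
			PQescapeStringConn(conn, accountcode, cdr->accountcode, strlen(cdr->accountcode), &pgerr);
			escfail |= pgerr;
		}
		/* … unchanged: combined alloca NULL check (add accountcode to it) … */
		if (escfail) {
			/* libpq still produced output, but it is not safe to send: drop this record */
			ast_log(LOG_ERROR, "cdr_pgsql: escaping a CDR field failed (invalid encoding), insert skipped\n");
			ast_mutex_unlock(&pgsql_lock);
			return -1;
		}
		/* … unchanged: snprintf building the INSERT, now passing accountcode instead of cdr->accountcode … */
```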