[Pkg-voip-commits] r4908 - in /asterisk/branches/sarge/debian: changelog patches/00list patches/99_AST-2007-026.dpatch

paravoid at alioth.debian.org paravoid at alioth.debian.org
Thu Nov 29 22:49:05 UTC 2007


Author: paravoid
Date: Thu Nov 29 22:49:05 2007
New Revision: 4908

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=4908
Log:
* cdr/cdr_pgsql.c: properly escape src and dst to avoid SQL injections
  (AST-2007-026).

Added:
    asterisk/branches/sarge/debian/patches/99_AST-2007-026.dpatch
Modified:
    asterisk/branches/sarge/debian/changelog
    asterisk/branches/sarge/debian/patches/00list

Modified: asterisk/branches/sarge/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/sarge/debian/changelog?rev=4908&op=diff
==============================================================================
--- asterisk/branches/sarge/debian/changelog (original)
+++ asterisk/branches/sarge/debian/changelog Thu Nov 29 22:49:05 2007
@@ -1,3 +1,10 @@
+asterisk (1:1.0.7.dfsg.1-2sarge6) oldstable-security; urgency=high
+
+  * cdr/cdr_pgsql.c: properly escape src and dst to avoid SQL injections
+    (AST-2007-026).
+
+ -- Faidon Liambotis <paravoid at debian.org>  Fri, 30 Nov 2007 00:45:46 +0200
+
 asterisk (1:1.0.7.dfsg.1-2sarge5) oldstable-security; urgency=high
 
   * Add myself to Uploaders to mark this as a maintainer upload.

Modified: asterisk/branches/sarge/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/sarge/debian/patches/00list?rev=4908&op=diff
==============================================================================
--- asterisk/branches/sarge/debian/patches/00list (original)
+++ asterisk/branches/sarge/debian/patches/00list Thu Nov 29 22:49:05 2007
@@ -22,3 +22,4 @@
 99_ASA-2007-014.dpatch
 99_CVE-2007-2488.dpatch
 99_ASA-2007-015.dpatch
+99_AST-2007-026.dpatch

Added: asterisk/branches/sarge/debian/patches/99_AST-2007-026.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/sarge/debian/patches/99_AST-2007-026.dpatch?rev=4908&op=file
==============================================================================
--- asterisk/branches/sarge/debian/patches/99_AST-2007-026.dpatch (added)
+++ asterisk/branches/sarge/debian/patches/99_AST-2007-026.dpatch Thu Nov 29 22:49:05 2007
@@ -1,0 +1,71 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## AST-2007-026.dpatch by Faidon Liambotis <paravoid at debian.org>
+##
+## DP: cdr_pgsql: properly escape src and dst, avoiding SQL injections
+## DP: upstream's r90170, adapted to 1.0
+## DP: Security fix, AST-2007-026
+
+ at DPATCH@
+diff -urNad asterisk-1.0.7.dfsg.1~/cdr/cdr_pgsql.c asterisk-1.0.7.dfsg.1/cdr/cdr_pgsql.c
+--- asterisk-1.0.7.dfsg.1~/cdr/cdr_pgsql.c	2005-02-26 20:57:14.000000000 +0200
++++ asterisk-1.0.7.dfsg.1/cdr/cdr_pgsql.c	2007-11-30 00:44:34.000000000 +0200
+@@ -51,6 +51,7 @@
+ 	struct tm tm;
+ 	char sqlcmd[2048] = "", timestr[128];
+ 	char *pgerror;
++	int pgerr;
+ 
+ 	ast_mutex_lock(&pgsql_lock);
+ 
+@@ -70,28 +71,32 @@
+ 
+ 	if (connected) {
+ 		char *clid=NULL, *dcontext=NULL, *channel=NULL, *dstchannel=NULL, *lastapp=NULL, *lastdata=NULL;
+-		char *uniqueid=NULL, *userfield=NULL;
++		char *uniqueid=NULL, *userfield=NULL, *src=NULL, *dst=NULL;
+ 
+ 		/* Maximum space needed would be if all characters needed to be escaped, plus a trailing NULL */
+ 		if ((clid = alloca(strlen(cdr->clid) * 2 + 1)) != NULL)
+-			PQescapeString(clid, cdr->clid, strlen(cdr->clid));
++			PQescapeStringConn(conn, clid, cdr->clid, strlen(cdr->clid), &pgerr);
+ 		if ((dcontext = alloca(strlen(cdr->dcontext) * 2 + 1)) != NULL)
+-			PQescapeString(dcontext, cdr->dcontext, strlen(cdr->dcontext));
++			PQescapeStringConn(conn, dcontext, cdr->dcontext, strlen(cdr->dcontext), &pgerr);
+ 		if ((channel = alloca(strlen(cdr->channel) * 2 + 1)) != NULL)
+-			PQescapeString(channel, cdr->channel, strlen(cdr->channel));
++			PQescapeStringConn(conn, channel, cdr->channel, strlen(cdr->channel), &pgerr);
+ 		if ((dstchannel = alloca(strlen(cdr->dstchannel) * 2 + 1)) != NULL)
+-			PQescapeString(dstchannel, cdr->dstchannel, strlen(cdr->dstchannel));
++			PQescapeStringConn(conn, dstchannel, cdr->dstchannel, strlen(cdr->dstchannel), &pgerr);
+ 		if ((lastapp = alloca(strlen(cdr->lastapp) * 2 + 1)) != NULL)
+-			PQescapeString(lastapp, cdr->lastapp, strlen(cdr->lastapp));
++			PQescapeStringConn(conn, lastapp, cdr->lastapp, strlen(cdr->lastapp), &pgerr);
+ 		if ((lastdata = alloca(strlen(cdr->lastdata) * 2 + 1)) != NULL)
+-			PQescapeString(lastdata, cdr->lastdata, strlen(cdr->lastdata));
++			PQescapeStringConn(conn, lastdata, cdr->lastdata, strlen(cdr->lastdata), &pgerr);
+ 		if ((uniqueid = alloca(strlen(cdr->uniqueid) * 2 + 1)) != NULL)
+-			PQescapeString(uniqueid, cdr->uniqueid, strlen(cdr->uniqueid));
++			PQescapeStringConn(conn, uniqueid, cdr->uniqueid, strlen(cdr->uniqueid), &pgerr);
+ 		if ((userfield = alloca(strlen(cdr->userfield) * 2 + 1)) != NULL)
+-			PQescapeString(userfield, cdr->userfield, strlen(cdr->userfield));
++			PQescapeStringConn(conn, userfield, cdr->userfield, strlen(cdr->userfield), &pgerr);
++		if ((src = alloca(strlen(cdr->src) * 2 + 1)) != NULL)
++			PQescapeStringConn(conn, src, cdr->src, strlen(cdr->src), &pgerr);
++		if ((dst = alloca(strlen(cdr->dst) * 2 + 1)) != NULL)
++			PQescapeStringConn(conn, dst, cdr->dst, strlen(cdr->dst), &pgerr);
+ 
+ 		/* Check for all alloca failures above at once */
+-		if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!uniqueid) || (!userfield)) {
++		if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!uniqueid) || (!userfield) || (!src) || (!dst)) {
+ 			ast_log(LOG_ERROR, "cdr_pgsql:  Out of memory error (insert fails)\n");
+ 			ast_mutex_unlock(&pgsql_lock);
+ 			return -1;
+@@ -99,7 +104,7 @@
+ 
+ 		ast_log(LOG_DEBUG,"cdr_pgsql: inserting a CDR record.\n");
+ 
+-		snprintf(sqlcmd,sizeof(sqlcmd),"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s','%s')",timestr,clid,cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode, uniqueid, userfield);
++		snprintf(sqlcmd,sizeof(sqlcmd),"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s','%s')",timestr,clid, src, dst, dcontext,channel, dstchannel, lastapp, lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode, uniqueid, userfield);
+ 		ast_log(LOG_DEBUG,"cdr_pgsql: SQL command executed:  %s\n",sqlcmd);
+ 	
+ 		/* Test to be sure we're still connected... */
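Review bot: `cdr->accountcode` is still interpolated raw into the INSERT built by the `snprintf` in the last inner hunk, so one quoted string field bypasses the escaping this patch adds for `src` and `dst`; whether that field can carry caller-influenced data depends on how account codes are set, which is not visible here. It should get the same treatment: declare `*accountcode=NULL`, add `if ((accountcode = alloca(strlen(cdr->accountcode) * 2 + 1)) != NULL) PQescapeStringConn(conn, accountcode, cdr->accountcode, strlen(cdr->accountcode), &pgerr);`, include `(!accountcode)` in the combined failure check, and pass `accountcode` to `snprintf`. Separately, `pgerr` is overwritten by every `PQescapeStringConn` call and never read, so an escaping error (for example, input that is invalid in the connection's encoding) goes unnoticed; checking it after each call and failing the insert would close that gap. The `snprintf` return value is also unchecked, so a statement longer than `sqlcmd[2048]` is silently truncated before it is sent. The enclosing function starts and ends outside these hunks.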



