[ opensips-Bugs-2721023 ] strtok in db_berkeley


SourceForge.net
Bugs item #2721023, was opened at 2009-03-29 20:46
Message generated for change (Comment added) made by bogdan_iancu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2721023&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: strtok in db_berkeley

Initial Comment:
db_berkeley uses the pipe character (|) as a field delimiter in a row (a row is just a character string). But for parsing the row it uses the function strtok(row,"|"), which will lead to errors when we have sequences of two or more pipes (i.e. the field values between them are empty strings), because strtok never returns empty strings and proceeds to the next one until a non-empty token is found. So it will result in the wrong number of fields in the processed row.

It would be better to switch to the strsep function, which processes tokens one at a time.

----------------------------------------------------------------------

>Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2009-04-01 21:21

Message:
According to the man page, there is no difference between strtok and strsep,
except handling the empty fields.

But in both cases the risk for injection is the same, IMO, so it
shouldn't be worse by replacing the functions.

BTW, is there any way of doing escaping for the | ?

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2009-03-30 08:20

Message:
Sorry, the current implementation of db_berkeley is very limited and may
even be dangerous (what happens if an attacker embeds into a packet sent to
the server a sequence of pipe characters which will later be inserted into
the database by the server?). So fixing the bugs there is senseless because
the bugs, so to say, compensate each other. Even better is not to use the module.

----------------------------------------------------------------------
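
The field-count difference discussed in this thread, as an added example that is not part of the original messages and is not OpenSIPS code. The function names, the four-column layout and the sample rows are constructed for illustration; `split_keep_empty` is a portable stand-in for `strsep` with a single delimiter, and `row_ok` shows a column-count check that rejects a row whose value carries an embedded pipe.

```c
#include <stdio.h>
#include <string.h>
#define MAX_FIELDS 16

/* Split with strtok(): runs of delimiters collapse, empty fields vanish. */
static int split_strtok(char *row, char *out[], int max)
{
    int n = 0;
    for (char *t = strtok(row, "|"); t != NULL && n < max; t = strtok(NULL, "|"))
        out[n++] = t;
    return n;
}

/* Split with strsep()-like semantics (hypothetical portable helper):
 * every delimiter ends a field, so empty fields are kept. */
static int split_keep_empty(char *row, char *out[], int max)
{
    int n = 0;
    char *p = row;
    while (p != NULL && n < max) {
        char *bar = strchr(p, '|');
        if (bar != NULL) *bar++ = '\0';   /* terminate field, step past '|' */
        out[n++] = p;
        p = bar;                          /* NULL after the last field */
    }
    return n;
}

/* Count fields in a private copy of row (both splitters modify their input). */
static int count_fields(const char *row, int keep_empty)
{
    char buf[128];
    char *f[MAX_FIELDS];
    snprintf(buf, sizeof buf, "%s", row);
    return (keep_empty ? split_keep_empty : split_strtok)(buf, f, MAX_FIELDS);
}

/* Defensive check: accept a row only if it has exactly ncols fields. */
static int row_ok(const char *row, int ncols)
{
    return count_fields(row, 1) == ncols;
}

int main(void)
{
    const char *row = "alice||example.org|3600"; /* constructed: empty 2nd column */
    printf("strtok: %d, keep-empty: %d\n", count_fields(row, 0), count_fields(row, 1));
    return 0;
}
```

Neither splitter can tell a delimiter from a pipe inside a stored value, so the count check only flags such rows; keeping them intact needs escaping or length-prefixed fields on the write path.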
