Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: strtok in db_berkeley
db_berkeley uses pipe character (|) as a field delimiter in a row (row is just a character string). But for parsing the row it uses function strtok(row,"|") which will lead to errors when we have sequences of two and more pipes (i.e. the fields values between them are empty strings), because strtok never returns empty strings and proceeds to the next until non-empty token will be found. So it will result in a the wrong number of fields in processed row.
It would be better to switch to strsep function which process tokens one in a time.
Sorry, current implementation of db_berkeley is very limited and may be
even dangerous (what happens if attacker embeds into packet sent to server
a sequence of pipe characters which later will be inserted into database by
the server). So fixing the bugs there is senseless because the bugs so to
say compensate each other. Even better is not use the module.