Skip to content

Commit

Permalink
Add validity check for key names when writing
Browse files Browse the repository at this point in the history
Adds a simple sanity check for key names when users are
writing data to AstDB. This captures four cases indicating
malformed keynames that generally result in bad data going
into the DB that the user didn't intend: an empty key name,
a key name beginning or ending with a slash, and a key name
containing two slashes in a row. Generally, this is the
result of a variable being used in the key name being empty.

If a malformed key name is detected, a warning is emitted
to indicate the bug in the dialplan.

<asterisk/asterisk@b1765c9>
  • Loading branch information
N4IRS authored Apr 29, 2022
1 parent d1de00e commit d8746b8
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions asterisk/funcs/func_db.c
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,14 @@ static int function_db_write(struct ast_channel *chan, char *cmd, char *parse,
return -1;
}

/*
* When keynames are dynamically created using variables, if the variable is empty, this put bad data into the DB.
* In particular, a few cases: an empty key name, a key starting or ending with a /, and a key containing // two slashes.
* If this happens, allow it to go in, but warn the user of the issue and possible data corruption. */
if (ast_strlen_zero(args.key) || args.key[0] == '/' || args.key[strlen(args.key) - 1] == '/' || strstr(args.key, "//")) {
ast_log(LOG_WARNING, "DB: key '%s' seems malformed\n", args.key);
}

if (ast_db_put(args.family, args.key, (char *) value))
ast_log(LOG_WARNING, "DB: Error writing value to database.\n");

Expand Down

0 comments on commit d8746b8

Please sign in to comment.