[Midnightbsd-cvs] src [7628] stable/0.8/lib/libmport/pkgmeta.c: sanity check sql data

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Sat Jun 4 19:12:44 EDT 2016 

Revision: 7628
          http://svnweb.midnightbsd.org/src/?rev=7628
Author:   laffer1
Date:     2016-06-04 19:12:43 -0400 (Sat, 04 Jun 2016)
Log Message:
-----------
sanity check sql data

Modified Paths:
--------------
    stable/0.8/lib/libmport/pkgmeta.c

Modified: stable/0.8/lib/libmport/pkgmeta.c
===================================================================
--- stable/0.8/lib/libmport/pkgmeta.c	2016-06-03 01:56:09 UTC (rev 7627)
+++ stable/0.8/lib/libmport/pkgmeta.c	2016-06-04 23:12:43 UTC (rev 7628)
@@ -349,7 +349,8 @@
 }  
 
 
-int mport_pkgmeta_get_assetlist(mportInstance *mport, mportPackageMeta *pkg, mportAssetList **alist_p)
+int
+mport_pkgmeta_get_assetlist(mportInstance *mport, mportPackageMeta *pkg, mportAssetList **alist_p)
 {
   mportAssetList *alist;
   sqlite3_stmt *stmt;
@@ -365,6 +366,9 @@
     sqlite3_finalize(stmt);
     RETURN_CURRENT_ERROR;
   }
+
+  if (stmt == NULL)
+	RETURN_CURRENT_ERROR;
     
   while (1) {
     ret = sqlite3_step(stmt);
@@ -383,13 +387,31 @@
       sqlite3_finalize(stmt);
       RETURN_ERROR(MPORT_ERR_FATAL, "Out of memory.");
     }
+
+    const unsigned char *data;
+    const unsigned char *owner;
+    const unsigned char *group;
+    const unsigned char *mode;
     
     e->type = sqlite3_column_int(stmt, 0);
-    e->data = strdup(sqlite3_column_text(stmt, 1));
-    e->owner = strdup(sqlite3_column_text(stmt, 2));
-    e->group = strdup(sqlite3_column_text(stmt, 3));
-    e->mode = strdup(sqlite3_column_text(stmt, 4));
-    
+    data = sqlite3_column_text(stmt, 1);
+    owner = sqlite3_column_text(stmt, 2);
+    group = sqlite3_column_text(stmt, 3);
+    mode = sqlite3_column_text(stmt, 4);
+     
+    if (data == NULL) {
+      sqlite3_finalize(stmt);
+      RETURN_ERROR(MPORT_ERR_FATAL, "Out of memory.");
+    }
+
+    e->data = strdup(data);
+    if (owner != NULL)
+        e->owner = strdup(owner);
+    if (group != NULL)
+        e->group = strdup(group);
+    if (mode != NULL)
+        e->mode = strdup(mode);
+
     if (e->data == NULL) {
       sqlite3_finalize(stmt);
       RETURN_ERROR(MPORT_ERR_FATAL, "Out of memory.");
@@ -399,6 +421,7 @@
   }
   
   sqlite3_finalize(stmt);
+
   return MPORT_OK;
 }

More information about the Midnightbsd-cvs mailing list