Sanity check cstore limit/offset param values
authorBill Erickson <berick@esilibrary.com>
Thu, 16 Aug 2012 19:40:58 +0000 (15:40 -0400)
committerDan Scott <dscott@laurentian.ca>
Wed, 22 Aug 2012 01:34:37 +0000 (21:34 -0400)
Certain cstore calls (direct / json_query) that support limit/offset
params called with a non-string / non-numeric value

e.g. { "limit": null }

result in a cstore segfault, because jsonObjectGetString returns NULL for
such values and the code then calls atoi(NULL).  This patch prevents that
by only emitting the LIMIT/OFFSET clause when the value is an actual string
or number (i.e. when jsonObjectGetString returns a non-NULL pointer); a
JSON_NULL or similar value now simply leaves the clause out.

Signed-off-by: Bill Erickson <berick@esilibrary.com>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
Open-ILS/src/c-apps/oils_sql.c

index d30f427..38590e4 100644 (file)
@@ -4847,12 +4847,16 @@ char* SELECT (
 
        if( limit ){
                const char* str = jsonObjectGetString( limit );
-               buffer_fadd( sql_buf, " LIMIT %d", atoi( str ));
+               if (str) { // limit could be JSON_NULL, etc.
+                       buffer_fadd( sql_buf, " LIMIT %d", atoi( str ));
+               }
        }
 
        if( offset ) {
                const char* str = jsonObjectGetString( offset );
-               buffer_fadd( sql_buf, " OFFSET %d", atoi( str ));
+               if (str) {
+                       buffer_fadd( sql_buf, " OFFSET %d", atoi( str ));
+               }
        }
 
        if( !(flags & SUBSELECT) )
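Review bot: The NULL guard stops the crash, but the value that passes it is still fed to atoi(), which silently turns a non-numeric string such as `"limit": "abc"` into `LIMIT 0` (the query returns no rows with no error) and passes a negative or out-of-range value straight into the SQL text, where Postgres will reject it at execution time rather than at the API boundary. Since limit/offset here come from the caller's JSON, a stricter parse with strtol() and an end-pointer check, emitting the clause only for a well-formed non-negative integer, would make bad input an explicit no-op (or an error, whichever the callers expect) instead of a quiet `LIMIT 0`. The same pattern is repeated for OFFSET in this hunk and again in buildSELECT below, so a small static helper would keep the four sites consistent. SELECT's body begins before and continues after this hunk, so I have not shown an error-return path; the sketch below just skips the clause on a malformed value.
```c
if( limit ){
        const char* str = jsonObjectGetString( limit );
        char* end = NULL;
        long n = str ? strtol( str, &end, 10 ) : -1;
        // Emit LIMIT only for a complete, non-negative integer; anything
        // else (JSON_NULL, "", "abc", "-5", trailing junk) leaves it out.
        if( str && *str && end && *end == '\0' && n >= 0 )
                buffer_fadd( sql_buf, " LIMIT %ld", n );
}
/* … unchanged: OFFSET branch gets the identical treatment … */
```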
@@ -5370,21 +5374,25 @@ static char* buildSELECT ( const jsonObject* search_hash, jsonObject* rest_of_qu
                const jsonObject* limit = jsonObjectGetKeyConst( rest_of_query, "limit" );
                if( limit ) {
                        const char* str = jsonObjectGetString( limit );
-                       buffer_fadd(
-                               sql_buf,
-                               " LIMIT %d",
-                               atoi(str)
-                       );
+                       if (str) {
+                               buffer_fadd(
+                                       sql_buf,
+                                       " LIMIT %d",
+                                       atoi(str)
+                               );
+                       }
                }
 
                const jsonObject* offset = jsonObjectGetKeyConst( rest_of_query, "offset" );
                if( offset ) {
                        const char* str = jsonObjectGetString( offset );
-                       buffer_fadd(
-                               sql_buf,
-                               " OFFSET %d",
-                               atoi( str )
-                       );
+                       if (str) {
+                               buffer_fadd(
+                                       sql_buf,
+                                       " OFFSET %d",
+                                       atoi( str )
+                               );
+                       }
                }
        }