projects / working / Evergreen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f50aa3e)
Tightened the input validation in searchWHERE(). It now complains
authorscottmk <scottmk@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Fri, 13 Mar 2009 04:00:33 +0000 (04:00 +0000)
committerscottmk <scottmk@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Fri, 13 Mar 2009 04:00:33 +0000 (04:00 +0000)
about an empty JSON object or empty JSON array, instead of
constructing a doomed WHERE clause.

git-svn-id: svn://svn.open-ils.org/ILS/trunk@12508 dcc99617-32d9-48b4-a31d-7c20da2025e4

Open-ILS/src/c-apps/oils_cstore.c patch | blob | history

diff --git a/Open-ILS/src/c-apps/oils_cstore.c b/Open-ILS/src/c-apps/oils_cstore.c
index 9c84d10..a21b830 100644 (file)
--- a/Open-ILS/src/c-apps/oils_cstore.c
+++ b/Open-ILS/src/c-apps/oils_cstore.c
@@ -2293,11 +2293,22 @@ static char* searchWHERE ( const jsonObject* search_hash, osrfHash* meta, int op
 
        jsonObject* node = NULL;
 
-    int first = 1;
-    if ( search_hash->type == JSON_ARRAY ) {
-           osrfLogDebug(OSRF_LOG_MARK, "%s: In WHERE clause, condition type is JSON_ARRAY", MODULENAME);
-        jsonIterator* search_itr = jsonNewIterator( search_hash );
-        while ( (node = jsonIteratorNext( search_itr )) ) {
+       int first = 1;
+       if ( search_hash->type == JSON_ARRAY ) {
+               osrfLogDebug(OSRF_LOG_MARK, "%s: In WHERE clause, condition type is JSON_ARRAY", MODULENAME);
+               jsonIterator* search_itr = jsonNewIterator( search_hash );
+               if( !jsonIteratorHasNext( search_itr ) ) {
+                       osrfLogError(
+                               OSRF_LOG_MARK,
+                               "%s: Invalid predicate structure: empty JSON array",
+                               MODULENAME
+                       );
+                       jsonIteratorFree( search_itr );
+                       buffer_free( sql_buf );
+                       return NULL;
+               }
+
+               while ( (node = jsonIteratorNext( search_itr )) ) {
             if (first) {
                 first = 0;
             } else {
@@ -2311,10 +2322,21 @@ static char* searchWHERE ( const jsonObject* search_hash, osrfHash* meta, int op
         }
         jsonIteratorFree(search_itr);
 
-    } else if ( search_hash->type == JSON_HASH ) {
-           osrfLogDebug(OSRF_LOG_MARK, "%s: In WHERE clause, condition type is JSON_HASH", MODULENAME);
-        jsonIterator* search_itr = jsonNewIterator( search_hash );
-        while ( (node = jsonIteratorNext( search_itr )) ) {
+       } else if ( search_hash->type == JSON_HASH ) {
+               osrfLogDebug(OSRF_LOG_MARK, "%s: In WHERE clause, condition type is JSON_HASH", MODULENAME);
+               jsonIterator* search_itr = jsonNewIterator( search_hash );
+               if( !jsonIteratorHasNext( search_itr ) ) {
+                       osrfLogError(
+                               OSRF_LOG_MARK,
+                               "%s: Invalid predicate structure: empty JSON object",
+                               MODULENAME
+                       );
+                       jsonIteratorFree( search_itr );
+                       buffer_free( sql_buf );
+                       return NULL;
+               }
+
+               while ( (node = jsonIteratorNext( search_itr )) ) {
 
             if (first) {
                 first = 0;
Evergreen ILS