From: scottmk <scottmk@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Fri, 13 Mar 2009 12:27:40 +0000 (+0000)
Subject: Further tightened input validation.  In all cases where we call
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=6c87ce5cbaf0ffd21527437d5acebee649523a36;p=Evergreen.git

Further tightened input validation.  In all cases where we call
searchWHERE(), we now respond to a NULL return by propagating
the error up the calling chain (instead of generating
defective SQL).

Also: replaced one call to jsonObjectToSimpleString() with a
call to jsonObjectGetString(), avoiding a malloc and free.


git-svn-id: svn://svn.open-ils.org/ILS/trunk@12509 dcc99617-32d9-48b4-a31d-7c20da2025e4
---

diff --git a/Open-ILS/src/c-apps/oils_cstore.c b/Open-ILS/src/c-apps/oils_cstore.c
index a21b830abc..6154c7db73 100644
--- a/Open-ILS/src/c-apps/oils_cstore.c
+++ b/Open-ILS/src/c-apps/oils_cstore.c
@@ -1859,10 +1859,20 @@ static char* searchFieldTransformPredicate (const char* class, osrfHash* field,
 	const jsonObject* value_obj = jsonObjectGetKeyConst( node, "value" );
 	if ( ! value_obj ) {
 		value = searchWHERE( node, osrfHashGet( oilsIDL(), class ), AND_OP_JOIN, NULL );
+		if( !value ) {
+			osrfLogError(OSRF_LOG_MARK, "%s: Error building condition for field transform", MODULENAME, value);
+			free(field_transform);
+			return NULL;
+		}
 	} else if ( value_obj->type == JSON_ARRAY ) {
 		value = searchValueTransform( value_obj );
 	} else if ( value_obj->type == JSON_HASH ) {
 		value = searchWHERE( value_obj, osrfHashGet( oilsIDL(), class ), AND_OP_JOIN, NULL );
+		if( !value ) {
+			osrfLogError(OSRF_LOG_MARK, "%s: Error building predicate for field transform", MODULENAME, value);
+			free(field_transform);
+			return NULL;
+		}
 	} else if ( value_obj->type == JSON_NUMBER ) {
 		value = jsonNumberToDBString( field, value_obj );
 	} else if ( value_obj->type != JSON_NULL ) {
@@ -2220,7 +2230,7 @@ static char* searchJOIN ( const jsonObject* join_hash, osrfHash* leftmeta ) {
 
 		const jsonObject* filter = jsonObjectGetKeyConst( snode, "filter" );
 		if (filter) {
-			char* filter_op = jsonObjectToSimpleString( jsonObjectGetKeyConst( snode, "filter_op" ) );
+			const char* filter_op = jsonObjectGetString( jsonObjectGetKeyConst( snode, "filter_op" ) );
 			if (filter_op) {
 				if (!strcasecmp("or",filter_op)) {
 					buffer_add( join_buf, " OR " );
@@ -2232,10 +2242,24 @@ static char* searchJOIN ( const jsonObject* join_hash, osrfHash* leftmeta ) {
 			}
 
 			char* jpred = searchWHERE( filter, idlClass, AND_OP_JOIN, NULL );
-			OSRF_BUFFER_ADD_CHAR( join_buf, ' ' );
-			OSRF_BUFFER_ADD( join_buf, jpred );
-			free(jpred);
-			free(filter_op);
+			if( jpred ) {
+				OSRF_BUFFER_ADD_CHAR( join_buf, ' ' );
+				OSRF_BUFFER_ADD( join_buf, jpred );
+				free(jpred);
+			} else {
+				osrfLogError(
+					OSRF_LOG_MARK,
+					"%s: JOIN failed.  Invalid conditional expression.",
+					MODULENAME
+				);
+				free( field );
+				free( fkey );
+				jsonIteratorFree( search_itr );
+				buffer_free( join_buf );
+				if( freeable_hash )
+					jsonObjectFree( freeable_hash );
+				return NULL;
+			}
 		}
 
 		buffer_add(join_buf, " ) ");
@@ -2317,8 +2341,14 @@ static char* searchWHERE ( const jsonObject* search_hash, osrfHash* meta, int op
             }
 
             char* subpred = searchWHERE( node, meta, opjoin_type, ctx );
-            buffer_fadd(sql_buf, "( %s )", subpred);
-            free(subpred);
+			if( subpred ) {
+            	buffer_fadd(sql_buf, "( %s )", subpred);
+            	free(subpred);
+			} else {
+				jsonIteratorFree( search_itr );
+				buffer_free( sql_buf );
+				return NULL;
+			}
         }
         jsonIteratorFree(search_itr);
 
@@ -2362,19 +2392,36 @@ static char* searchWHERE ( const jsonObject* search_hash, osrfHash* meta, int op
 						return NULL;
 					}
 					buffer_fadd(sql_buf, " \"%s\".%s ", search_itr->key + 1, subpred);
-                } else {
-                    char* subpred = searchWHERE( node, osrfHashGet( oilsIDL(), search_itr->key + 1 ), AND_OP_JOIN, ctx );
-                    buffer_fadd(sql_buf, "( %s )", subpred);
-                    free(subpred);
-                }
-            } else if ( !strcasecmp("-or",search_itr->key) ) {
-                char* subpred = searchWHERE( node, meta, OR_OP_JOIN, ctx );
-                buffer_fadd(sql_buf, "( %s )", subpred);
-                free(subpred);
-            } else if ( !strcasecmp("-and",search_itr->key) ) {
-                char* subpred = searchWHERE( node, meta, AND_OP_JOIN, ctx );
-                buffer_fadd(sql_buf, "( %s )", subpred);
-                free(subpred);
+				} else {
+					char* subpred = searchWHERE( node, osrfHashGet( oilsIDL(), search_itr->key + 1 ), AND_OP_JOIN, ctx );
+					if( subpred ) {
+						buffer_fadd(sql_buf, "( %s )", subpred);
+						free(subpred);
+					} else {
+						jsonIteratorFree( search_itr );
+						buffer_free( sql_buf );
+						return NULL;
+					}
+				}
+			} else if ( !strcasecmp("-or",search_itr->key) ) {
+				char* subpred = searchWHERE( node, meta, OR_OP_JOIN, ctx );
+				if( subpred ) {
+					buffer_fadd(sql_buf, "( %s )", subpred);
+					free( subpred );
+				} else {
+					buffer_free( sql_buf );
+					return NULL;
+				}
+				free(subpred);
+			} else if ( !strcasecmp("-and",search_itr->key) ) {
+				char* subpred = searchWHERE( node, meta, AND_OP_JOIN, ctx );
+				if( subpred ) {
+					buffer_fadd(sql_buf, "( %s )", subpred);
+					free( subpred );
+				} else {
+					buffer_free( sql_buf );
+					return NULL;
+				}
             } else if ( !strcasecmp("-exists",search_itr->key) ) {
                 char* subpred = SELECT(
                     ctx,