From aa0403b54d8d195819832978936137c2c43fa661 Mon Sep 17 00:00:00 2001
From: scottmk
Date: Thu, 19 Mar 2009 13:55:48 +0000
Subject: [PATCH] In searchINPredicate function of oils_cstore.c: tighten input validation.

1. Require that the operand of IN or NOT IN be either a JSON_ARRAY or a JSON_OBJECT.

2. Require that an item in an IN list be either a JSON_STRING or a JSON_NUMBER.

git-svn-id: svn://svn.open-ils.org/ILS/trunk@12606 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 Open-ILS/src/c-apps/oils_cstore.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/Open-ILS/src/c-apps/oils_cstore.c b/Open-ILS/src/c-apps/oils_cstore.c
index 6582b076cc..162f1c1df5 100644
--- a/Open-ILS/src/c-apps/oils_cstore.c
+++ b/Open-ILS/src/c-apps/oils_cstore.c
@@ -1696,6 +1696,14 @@ static char* searchINPredicate (const char* class, osrfHash* field,
 else
 buffer_add(sql_buf, ", ");
 
+ // Sanity check
+ if ( in_item->type != JSON_STRING && in_item->type != JSON_NUMBER ) {
+ osrfLogError(OSRF_LOG_MARK, "%s: Expected string or number within IN list; found %s",
+ MODULENAME, json_type( in_item->type ) );
+ buffer_free(sql_buf);
+ return NULL;
+ }
+
 // Append the literal value -- quoted if not a number
 if ( JSON_NUMBER == in_item->type ) {
 char* val = jsonNumberToDBString( field, in_item );
@@ -1726,6 +1734,11 @@ static char* searchINPredicate (const char* class, osrfHash* field,
 buffer_free( sql_buf );
 return NULL;
 }
+ } else {
+ osrfLogError(OSRF_LOG_MARK, "%s: Expected object or array for IN clause; found %s",
+ MODULENAME, json_type( node->type ) );
+ buffer_free(sql_buf);
+ return NULL;
 }
 
 OSRF_BUFFER_ADD_CHAR( sql_buf, ')' );
-- 
2.11.0
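Review bot: The `// Sanity check` comment on the new type guard in the first hunk does not say why JSON_NULL, JSON_BOOL and nested containers are refused, which is the one thing a later maintainer will need when tempted to relax it; replace it with `// Only strings and numbers can be rendered as an SQL literal below (numbers verbatim, strings quoted); refuse anything else before it reaches that code.` The guard runs after the `", "` separator has already been appended to sql_buf, which is harmless because the error path frees the buffer, but placing it above the separator would keep the buffer consistent if that free is ever dropped. searchINPredicate's body starts before and continues after this hunk, so the loop that produces in_item is not visible here.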
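Review bot: The new `else` branch in the second hunk rejects an operand that is neither an object nor an array, but nothing in the hunk rejects an array operand that is empty; if the array branch above (outside the hunk) does not already check this, an empty list reaches `OSRF_BUFFER_ADD_CHAR( sql_buf, ')' )` and produces `IN ()`, which fails only at the database instead of being caught by this validation. A length check in the array branch, logging through osrfLogError and freeing sql_buf exactly as the two new error paths do, would close that gap. The enclosing function, including the array loop, lies outside this hunk, so whether such a check already exists cannot be confirmed from here.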