X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=mysql_selector.c;h=51273644413ec0b67c4d100281857a023bac5d77;hp=054c797ebcd10e66635197b73dc7548449bc6bce;hb=82008b5367b438f01bb3899a93b406a6066d2b1f;hpb=786010c598f79d20280e6ea9ea458cad4a7e9af7
diff --git a/mysql_selector.c b/mysql_selector.c
index 054c797e..51273644 100644
--- a/mysql_selector.c
+++ b/mysql_selector.c
@@ -1158,12 +1158,17 @@ static char *get_query(char *streamname, char *filename, int with_path)
 char *select_clause = NULL;
 if (!streamname)
 tmp = get_current_stream();
- else
+ else {
 tmp = escape_str(streamname);
+ if (!tmp)
+ return NULL;
+ }
 if (!strcmp(tmp, "(none)")) {
 free(tmp);
 if (filename) {
 char *ret, *ebn = escaped_basename(filename);
+ if (!ebn)
+ return NULL;
 ret = make_message("select to_days(now()) - "
 "to_days(lastplayed) from data "
 "where name = '%s'", ebn);
@@ -1500,7 +1505,7 @@ static int com_mv(__a_unused int fd, int argc, char *argv[])
 goto out;
 ret = -E_MYSQL_SYNTAX;
 if (!strcmp(ebn1, ebn2))
- goto out;
+ goto update_dir;
 remove_entry(argv[2]); /* no need to escape, ignore error */
 q = make_message("update data set name = '%s' where name = '%s'",
 ebn2, ebn1);
@@ -1517,6 +1522,7 @@ static int com_mv(__a_unused int fd, int argc, char *argv[])
 free(q);
 if (ret < 0)
 goto out;
+update_dir:
 ret = 1;
 dn = para_dirname(argv[2]);
 if (!dn)
@@ -2095,14 +2101,21 @@ static int com_sl(int fd, int argc, char *argv[])
 num = atoi(argv[1]);
 if (!num)
 return -E_MYSQL_SYNTAX;
- stream = (argc == 2)? get_current_stream() : escape_str(argv[2]);
+ if (argc == 2) {
+ stream = get_current_stream();
+ if (!stream)
+ return -E_GET_STREAM;
+ } else {
+ stream = escape_str(argv[2]);
+ if (!stream)
+ return -E_ESCAPE;
+ }
 tmp = get_query(stream, NULL, 0);
+ free(stream);
+ if (!tmp)
+ return -E_GET_QUERY;
 query = make_message("%s limit %d", tmp, num);
 free(tmp);
- ret = -E_GET_QUERY;
- free(stream);
- if (!query)
- goto out;
 ret = -E_NORESULT;
 result = get_result(query);
 free(query);
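Review bot: In the get_query hunk, the `!streamname` branch still hands the result of `get_current_stream()` to `strcmp(tmp, "(none)")` unchecked, although the com_sl hunk of this same commit treats a NULL return from `get_current_stream()` as possible and maps it to `-E_GET_STREAM`. Placing the check after the if/else so that it covers both branches, `if (!tmp) return NULL;`, closes that NULL dereference. The body of get_query starts before and continues past this hunk.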
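Review bot: In the com_sl hunk, `stream = escape_str(argv[2])` is passed to `get_query()`, which according to the get_query hunk runs `escape_str(streamname)` on its argument again, so a stream name containing a quote or backslash appears to be escaped twice and the query would then look up the wrong name. Passing the raw `argv[2]` to get_query, or adding a comment on get_query such as `/* streamname is escaped here; callers pass the raw name */`, would settle which side owns the escaping. The context line `if (!num)` also rejects only zero, so a negative count from `atoi(argv[1])` still reaches `limit %d`; `if (num <= 0)` would reject it before the statement is built.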
@@ -2388,6 +2401,8 @@ static int com_upd(int fd, int argc, __a_unused char *argv[])
 goto out;
 send_va_buffer(fd, "new entry: %s\n", row[0]);
 erow = escape_str(row[0]);
+ if (!erow)
+ goto out;
 query = make_message("insert into data (name, pic_id) values "
 "('%s','%s')", erow, "1");
 free(erow);
@@ -2419,6 +2434,8 @@ static char **server_get_audio_file_list(unsigned int num)
 tmp = get_query(stream, NULL, 1);
 free(stream);
+ if (!tmp)
+ goto err_out;
 query = make_message("%s limit %d", tmp, num);
 free(tmp);
 result = get_result(query);
@@ -2509,8 +2526,12 @@ static int com_cdb(int fd, int argc, char *argv[])
 goto out;
 if (argc < 2)
 conf.mysql_database_arg = para_strdup("paraslash");
- else
+ else {
+ ret = -E_ESCAPE;
 conf.mysql_database_arg = escape_str(argv[1]);
+ if (!conf.mysql_database_arg)
+ goto out;
+ }
 query = make_message("create database %s", conf.mysql_database_arg);
 ret = real_query(query);
 free(query);
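Review bot: In the com_upd hunk, the new `if (!erow) goto out;` sets no error code before jumping, whereas the com_cdb hunk of this commit assigns `ret = -E_ESCAPE;` ahead of its `goto out`. If `ret` still holds a non-negative value from the preceding call (that assignment is outside the hunk), a failed escape would be reported to the caller as success and the remaining rows would be skipped silently. Setting `ret = -E_ESCAPE;` immediately before `erow = escape_str(row[0]);` keeps the two paths consistent.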
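Review bot: In the server_get_audio_file_list hunk, the new `goto err_out` is taken before `result = get_result(query);` runs, so if the `err_out` path releases `result` or the list being built (the label and the declarations are outside the hunk), those variables need to be initialised to NULL at their declaration. The context line `make_message("%s limit %d", tmp, num)` also formats the `unsigned int num` parameter with `%d`; `%u` matches the type and avoids a negative limit for large values.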
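Review bot: In the com_cdb hunk, the result of `escape_str(argv[1])` is stored straight into the global `conf.mysql_database_arg`, so on failure the new `goto out` leaves the configured database name NULL for whatever reads it next. Escaping into a local and assigning only on success avoids that: `char *db = escape_str(argv[1]);`, `if (!db) goto out;`, `conf.mysql_database_arg = db;`. The value is then interpolated unquoted into `create database %s`; if `escape_str()` escapes for string-literal context (its definition is not in this diff), that does not make the name safe in identifier position, so `argv[1]` should additionally be restricted to the characters permitted in a database name before the statement is built.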