X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=mysql_selector.c;h=51273644413ec0b67c4d100281857a023bac5d77;hp=82f197cdd9ce0362167cc017af09fea59be13ea8;hb=ab489052bae21ba25b1dd37bee1b538d03894d18;hpb=3049c5f8212fa4b0a6c502fd0a8b11b96aea63f2

diff --git a/mysql_selector.c b/mysql_selector.c
index 82f197cd..51273644 100644
--- a/mysql_selector.c
+++ b/mysql_selector.c
@@ -32,7 +32,6 @@
 #include "net.h"
 #include "string.h"
 
-extern struct gengetopt_args_info conf;
 /** pointer to the shared memory area */
 extern struct misc_meta_data *mmd;
 
@@ -663,7 +662,7 @@ out:
 	return ret;
 }
 
-static char *escape_blob(char* old, int size)
+static char *escape_blob(const char* old, int size)
 {
 	char *new;
 
@@ -674,7 +673,7 @@ static char *escape_blob(char* old, int size)
 	return new;
 }
 
-static char *escape_str(char* old)
+static char *escape_str(const char* old)
 {
 	return escape_blob(old, strlen(old));
 }
@@ -693,7 +692,7 @@ static char *escaped_basename(const char *name)
 /*
  * new attribute
  */
-static int com_na(__unused int fd, int argc, char *argv[])
+static int com_na(__a_unused int fd, int argc, char *argv[])
 {
 	char *q, *tmp;
 	int ret;
@@ -714,7 +713,7 @@ static int com_na(__unused int fd, int argc, char *argv[])
 /*
  * delete attribute
  */
-static int com_da(__unused int fd, int argc, char *argv[])
+static int com_da(__a_unused int fd, int argc, char *argv[])
 {
 	char *q, *tmp;
 	int ret;
@@ -865,7 +864,7 @@ static void *get_all_attributes(void)
 /*
  * list all attributes
  */
-static int com_laa(int fd, int argc, __unused char *argv[])
+static int com_laa(int fd, int argc, __a_unused char *argv[])
 {
 	void *result;
 	int ret;
@@ -1159,12 +1158,17 @@ static char *get_query(char *streamname, char *filename, int with_path)
 	char *select_clause = NULL;
 	if (!streamname)
 		tmp = get_current_stream();
-	else
+	else {
 		tmp = escape_str(streamname);
+		if (!tmp)
+			return NULL;
+	}
 	if (!strcmp(tmp, "(none)")) {
 		free(tmp);
 		if (filename) {
 			char *ret, *ebn = escaped_basename(filename);
+			if (!ebn)
+				return NULL;
 			ret = make_message("select to_days(now()) - "
 				"to_days(lastplayed) from data "
 				"where name = '%s'", ebn);
@@ -1465,7 +1469,7 @@ out:
 /*
  * remove/add entries
  */
-static int com_rm_ne(__unused int fd, int argc, char *argv[])
+static int com_rm_ne(__a_unused int fd, int argc, char *argv[])
 {
 	int ne = !strcmp(argv[0], "ne");
 	int i, ret;
@@ -1487,7 +1491,7 @@ static int com_rm_ne(__unused int fd, int argc, char *argv[])
 /*
  * mv: rename entry
  */
-static int com_mv(__unused int fd, int argc, char *argv[])
+static int com_mv(__a_unused int fd, int argc, char *argv[])
 {
 	char *q, *dn, *ebn1 = NULL, *ebn2 = NULL, *edn = NULL;
 	int ret;
@@ -1501,7 +1505,7 @@ static int com_mv(__unused int fd, int argc, char *argv[])
 		goto out;
 	ret = -E_MYSQL_SYNTAX;
 	if (!strcmp(ebn1, ebn2))
-		goto out;
+		goto update_dir;
 	remove_entry(argv[2]); /* no need to escape, ignore error */
 	q = make_message("update data set name = '%s' where name = '%s'",
 		ebn2, ebn1);
@@ -1518,6 +1522,7 @@ static int com_mv(__unused int fd, int argc, char *argv[])
 	free(q);
 	if (ret < 0)
 		goto out;
+update_dir:
 	ret = 1;
 	dn = para_dirname(argv[2]);
 	if (!dn)
@@ -1545,7 +1550,7 @@ out:
  * picass: associate pic to audio file
  * snp: set numplayed
  */
-static int com_set(__unused int fd, int argc, char *argv[])
+static int com_set(__a_unused int fd, int argc, char *argv[])
 {
 	char *q, *ebn;
 	long unsigned id;
@@ -1573,7 +1578,7 @@ static int com_set(__unused int fd, int argc, char *argv[])
 /*
  * picch: change entry's name in pics table
  */
-static int com_picch(__unused int fd, int argc, char *argv[])
+static int com_picch(__a_unused int fd, int argc, char *argv[])
 {
 	int ret;
 	long unsigned id;
@@ -1596,7 +1601,7 @@ static int com_picch(__unused int fd, int argc, char *argv[])
 /*
  * piclist: print list of pics in db
  */
-static int com_piclist(__unused int fd, int argc, __unused char *argv[])
+static int com_piclist(__a_unused int fd, int argc, __a_unused char *argv[])
 {
 	void *result = NULL;
 	MYSQL_ROW row;
@@ -1698,7 +1703,7 @@ out:
 }
 
 /* strdel */
-static int com_strdel(__unused int fd, int argc, char *argv[])
+static int com_strdel(__a_unused int fd, int argc, char *argv[])
 {
 	char *q, *tmp;
 	int ret;
@@ -1751,7 +1756,7 @@ static int com_ls(int fd, int argc, char *argv[])
 /*
  * summary
  */
-static int com_summary(__unused int fd, int argc, __unused char *argv[])
+static int com_summary(__a_unused int fd, int argc, __a_unused char *argv[])
 {
 	MYSQL_ROW row;
 	MYSQL_ROW row2;
@@ -1840,10 +1845,10 @@ static int update_audio_file(char *name)
 	ret = real_query(q);
 	free(q);
 out:
-	if (ebn)
-		free(ebn);
+	free(ebn);
 	return ret;
 }
+
 /* If called as child, mmd_lock must be held */
 static void update_mmd(char *info)
 {
@@ -1861,7 +1866,7 @@ static void update_audio_file_server_handler(char *name)
 	update_audio_file(name);
 }
 
-static int com_us(__unused int fd, int argc, char *argv[])
+static int com_us(__a_unused int fd, int argc, char *argv[])
 {
 	char *tmp;
 	int ret;
@@ -1892,7 +1897,7 @@ static void refresh_selector_info(void)
 }
 
 /* select previous/next stream */
-static int com_ps(__unused int fd, int argc, char *argv[])
+static int com_ps(__a_unused int fd, int argc, char *argv[])
 {
 	char *query, *stream = get_current_stream();
 	void *result = get_result("select name from streams");
@@ -1959,7 +1964,7 @@ out:
 }
 
 /* streams */
-static int com_streams(int fd, int argc, __unused char *argv[])
+static int com_streams(int fd, int argc, __a_unused char *argv[])
 {
 	unsigned int num_rows;
 	int i, ret = -E_NORESULT;
@@ -2096,14 +2101,21 @@ static int com_sl(int fd, int argc, char *argv[])
 	num = atoi(argv[1]);
 	if (!num)
 		return -E_MYSQL_SYNTAX;
-	stream = (argc == 2)?  get_current_stream() : escape_str(argv[2]);
+	if (argc == 2) {
+		stream = get_current_stream();
+		if (!stream)
+			return -E_GET_STREAM;
+	} else {
+		stream = escape_str(argv[2]);
+		if (!stream)
+			return -E_ESCAPE;
+	}
 	tmp = get_query(stream, NULL, 0);
+	free(stream);
+	if (!tmp)
+		return -E_GET_QUERY;
 	query = make_message("%s limit %d", tmp, num);
 	free(tmp);
-	ret = -E_GET_QUERY;
-	free(stream);
-	if (!query)
-		goto out;
 	ret = -E_NORESULT;
 	result = get_result(query);
 	free(query);
@@ -2265,7 +2277,7 @@ out:
 /*
  * verify / clean
  */
-static int com_vrfy(int fd, int argc, __unused char *argv[])
+static int com_vrfy(int fd, int argc, __a_unused char *argv[])
 {
 	char *query;
 	int ret, vrfy_mode = strcmp(argv[0], "clean");
@@ -2321,7 +2333,6 @@ static int mysql_write_tmp_file(const char *dir, const char *name)
 {
 	int ret = -E_TMPFILE;
 	char *msg = make_message("%s\t%s\n", dir, name);
-
 	if (fputs(msg, out_file) != EOF)
 		ret = 1;
 	free(msg);
@@ -2331,7 +2342,7 @@ static int mysql_write_tmp_file(const char *dir, const char *name)
 /*
  * update database
  */
-static int com_upd(int fd, int argc, __unused char *argv[])
+static int com_upd(int fd, int argc, __a_unused char *argv[])
 {
 	char *tempname = NULL, *query = NULL;
 	int ret, out_fd = -1, num = 0;
@@ -2366,7 +2377,7 @@ static int com_upd(int fd, int argc, __unused char *argv[])
 		goto out;
 	if ((ret = real_query("delete from dir")) < 0)
 		goto out;
-	query = make_message("load data infile '%s' into table dir "
+	query = make_message("load data infile '%s' ignore into table dir "
 		"fields terminated by '\t' lines terminated by '\n' "
 		"(dir, name)", tempname);
 	ret = real_query(query);
@@ -2384,12 +2395,17 @@ static int com_upd(int fd, int argc, __unused char *argv[])
 		goto out;
 	}
 	while ((row = mysql_fetch_row(result))) {
+		char *erow;
 		ret = -E_NOROW;
 		if (!row[0])
 			goto out;
 		send_va_buffer(fd, "new entry: %s\n", row[0]);
+		erow = escape_str(row[0]);
+		if (!erow)
+			goto out;
 		query = make_message("insert into data (name, pic_id) values "
-			"('%s','%s')", row[0], "1");
+			"('%s','%s')", erow, "1");
+		free(erow);
 		ret = real_query(query);
 		free(query);
 		if (ret < 0)
@@ -2418,11 +2434,12 @@ static char **server_get_audio_file_list(unsigned int num)
 
 	tmp = get_query(stream, NULL, 1);
 	free(stream);
+	if (!tmp)
+		goto err_out;
 	query = make_message("%s limit %d", tmp, num);
 	free(tmp);
-	if (!query)
-		goto err_out;
 	result = get_result(query);
+	free(query);
 	if (!result)
 		goto err_out;
 	num_rows = mysql_num_rows(result);
@@ -2444,8 +2461,6 @@ err_out:
 	free(list);
 	list = NULL;
 success:
-	if (query)
-		free(query);
 	if (result)
 		mysql_free_result(result);
 	return list;
@@ -2511,8 +2526,12 @@ static int com_cdb(int fd, int argc, char *argv[])
 		goto out;
 	if (argc < 2)
 		conf.mysql_database_arg = para_strdup("paraslash");
-	else
+	else {
+		ret = -E_ESCAPE;
 		conf.mysql_database_arg = escape_str(argv[1]);
+		if (!conf.mysql_database_arg)
+			goto out;
+	}
 	query = make_message("create database %s", conf.mysql_database_arg);
 	ret = real_query(query);
 	free(query);