From: Andre Date: Tue, 4 Jul 2006 12:18:30 +0000 (+0200) Subject: mysql selector: Always check return value of escape_str() X-Git-Tag: v0.2.14~59^2~7 X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=c07750fcb6f59c774b8f11b374a386390bc9bc38;hp=c60eb263adee5ba7dc6f9c1373c0a18afb50fec1 mysql selector: Always check return value of escape_str()
---
diff --git a/mysql_selector.c b/mysql_selector.c
index 054c797e..45a10bac 100644
--- a/mysql_selector.c
+++ b/mysql_selector.c
@@ -1158,12 +1158,17 @@ static char *get_query(char *streamname, char *filename, int with_path)
 char *select_clause = NULL;
 if (!streamname)
 tmp = get_current_stream();
- else
+ else {
 tmp = escape_str(streamname);
+ if (!tmp)
+ return NULL;
+ }
 if (!strcmp(tmp, "(none)")) {
 free(tmp);
 if (filename) {
 char *ret, *ebn = escaped_basename(filename);
+ if (!ebn)
+ return NULL;
 ret = make_message("select to_days(now()) - "
 "to_days(lastplayed) from data "
 "where name = '%s'", ebn);
@@ -2095,14 +2100,21 @@ static int com_sl(int fd, int argc, char *argv[])
 num = atoi(argv[1]);
 if (!num)
 return -E_MYSQL_SYNTAX;
- stream = (argc == 2)? get_current_stream() : escape_str(argv[2]);
+ if (argc == 2) {
+ stream = get_current_stream();
+ if (!stream)
+ return -E_GET_STREAM;
+ } else {
+ stream = escape_str(argv[2]);
+ if (!stream)
+ return -E_ESCAPE;
+ }
 tmp = get_query(stream, NULL, 0);
+ free(stream);
+ if (!tmp)
+ return -E_GET_QUERY;
 query = make_message("%s limit %d", tmp, num);
 free(tmp);
- ret = -E_GET_QUERY;
- free(stream);
- if (!query)
- goto out;
 ret = -E_NORESULT;
 result = get_result(query);
 free(query);
@@ -2388,6 +2400,8 @@ static int com_upd(int fd, int argc, __a_unused char *argv[])
 goto out;
 send_va_buffer(fd, "new entry: %s\n", row[0]);
 erow = escape_str(row[0]);
+ if (!erow)
+ goto out;
 query = make_message("insert into data (name, pic_id) values "
 "('%s','%s')", erow, "1");
 free(erow);
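Review bot: In get_query() the `!streamname` branch still leaves `tmp = get_current_stream();` unchecked, so a NULL return would reach `strcmp(tmp, "(none)")`. The com_sl hunk of this same commit treats a NULL from get_current_stream() as an error (`-E_GET_STREAM`), which suggests the call can fail here as well. Placing one check after the if/else covers both branches: `if (!tmp) return NULL;`. Since get_query() can now return NULL on an escape failure, its header comment should say that callers must check the result. The function body starts and ends outside the hunk.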
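Review bot: In com_sl() the NULL check on `query` is removed together with the old `goto out` block, so the result of `make_message("%s limit %d", tmp, num)` is now passed to `get_result(query)` unchecked. If make_message() cannot return NULL in this code base (not visible from the hunk), a one-line comment stating that would document why the check was dropped; otherwise keep `if (!query) return -E_GET_QUERY;` after `free(tmp);`. The new early returns also bypass the `out` label the removed code jumped to, so it is worth confirming that the label releases nothing acquired before this point. com_sl's body starts and ends outside the hunk.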
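Review bot: In com_upd() the new `if (!erow) goto out;` jumps to the exit label without setting an error code, so the function returns whatever `ret` held from the preceding step, which may not signal failure (the value of `ret` at this point is outside the hunk). The com_cdb hunk of this commit sets `ret = -E_ESCAPE;` before its escape_str() call; doing the same here keeps a failed escape from being reported as success: `if (!erow) { ret = -E_ESCAPE; goto out; }`. com_upd's body starts and ends outside the hunk.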
@@ -2419,6 +2433,8 @@ static char **server_get_audio_file_list(unsigned int num)
 tmp = get_query(stream, NULL, 1);
 free(stream);
+ if (!tmp)
+ goto err_out;
 query = make_message("%s limit %d", tmp, num);
 free(tmp);
 result = get_result(query);
@@ -2509,8 +2525,12 @@ static int com_cdb(int fd, int argc, char *argv[])
 goto out;
 if (argc < 2)
 conf.mysql_database_arg = para_strdup("paraslash");
- else
+ else {
+ ret = -E_ESCAPE;
 conf.mysql_database_arg = escape_str(argv[1]);
+ if (!conf.mysql_database_arg)
+ goto out;
+ }
 query = make_message("create database %s", conf.mysql_database_arg);
 ret = real_query(query);
 free(query);
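Review bot: In server_get_audio_file_list() `num` is declared `unsigned int` in the signature but formatted with `%d` in `make_message("%s limit %d", tmp, num)`, directly after the new NULL check. A value above INT_MAX would be printed as a negative limit and yield an invalid query; `"%s limit %u"` matches the parameter type. The function body starts and ends outside the hunk.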
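Review bot: In com_cdb() the escaped `argv[1]` is interpolated into `"create database %s"` as a bare identifier, whereas the other queries in this patch place escaped values inside `'%s'` quotes. Escaping intended for string literals (which is what escape_str() appears to provide; its body is not shown) does not constrain what an unquoted identifier may contain, so `argv[1]` should also be validated against the characters permitted in a database name before the query is built. Separately, a failed escape is stored straight into the global `conf.mysql_database_arg`, leaving it NULL after `goto out`; escaping into a local and assigning only on success avoids that: `char *db = escape_str(argv[1]); if (!db) goto out; conf.mysql_database_arg = db;`. com_cdb's body starts and ends outside the hunk.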