Tue, 20 Aug 2024 12:34:32 +0200
fix pg ext uninitialized memory acces - fixes #420
272
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
1 | /* |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
3 | * |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
4 | * Copyright 2022 Olaf Wintermann. All rights reserved. |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
5 | * |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
6 | * Redistribution and use in source and binary forms, with or without |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
7 | * modification, are permitted provided that the following conditions are met: |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
8 | * |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
9 | * 1. Redistributions of source code must retain the above copyright |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
10 | * notice, this list of conditions and the following disclaimer. |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
11 | * |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
13 | * notice, this list of conditions and the following disclaimer in the |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
14 | * documentation and/or other materials provided with the distribution. |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
15 | * |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
17 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
26 | * POSSIBILITY OF SUCH DAMAGE. |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
27 | */ |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
28 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
29 | #include "service.h" |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
30 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
31 | #include <stdio.h> |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
32 | #include <string.h> |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
33 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
34 | #include "resource.h" |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
35 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
36 | int pg_query(pblock *pb, Session *sn, Request *rq) { |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
37 | char *respool = pblock_findval("resource", pb); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
38 | char *query = pblock_findval("query", pb); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
39 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
40 | if(!respool) { |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
41 | log_ereport(LOG_MISCONFIG, "pg-query: missing resource parameter"); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
42 | return REQ_ABORTED; |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
43 | } |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
44 | if(!query) { |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
45 | log_ereport(LOG_MISCONFIG, "pg-query: missing query parameter"); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
46 | return REQ_ABORTED; |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
47 | } |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
48 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
49 | // Get the named resource and check if the PG connection works |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
50 | ResourceData *res = resourcepool_lookup(sn, rq, respool, 0); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
51 | if(!res) { |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
52 | log_ereport(LOG_FAILURE, "pg-query: cannot get resource '%s'", respool); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
53 | return REQ_ABORTED; |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
54 | } |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
55 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
56 | PGconn *connection = res->data; |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
57 | if(pg_check_connection(LOG_FAILURE, respool, connection)) { |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
58 | return REQ_ABORTED; |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
59 | } |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
60 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
61 | // execute query |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
62 | PGresult *result = PQexec(connection, query); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
63 | if(!result) return REQ_ABORTED; |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
64 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
65 | // start response |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
66 | pblock_remove("content-type", rq->srvhdrs); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
67 | pblock_nvinsert("content-type", "text/html", rq->srvhdrs); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
68 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
69 | protocol_status(sn, rq, 200, NULL); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
70 | http_start_response(sn, rq); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
71 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
72 | // (html) header |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
73 | net_printf(sn->csd, "%s", "<!DOCTYPE html>\n<html><head></head><body>\n"); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
74 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
75 | int nfields = PQnfields(result); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
76 | if(nfields > 0) { |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
77 | net_printf(sn->csd, "<table>\n<tr>\n"); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
78 | for(int i=0;i<nfields;i++) { |
274
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
79 | char *fieldName = PQfname(result, i); |
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
80 | char *fieldNameEscaped = util_html_escape(fieldName); |
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
81 | if(fieldNameEscaped) { |
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
82 | net_printf(sn->csd, "<th>%s</th>\n", fieldNameEscaped); |
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
83 | FREE(fieldNameEscaped); |
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
84 | } |
272
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
85 | } |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
86 | net_printf(sn->csd, "</tr>\n"); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
87 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
88 | int nrows = PQntuples(result); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
89 | for(int r=0;r<nrows;r++) { |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
90 | net_printf(sn->csd, "<tr>\n"); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
91 | for(int c=0;c<nfields;c++) { |
274
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
92 | char *fieldValue = PQgetvalue(result, r, c); |
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
93 | char *fieldValueEscaped = util_html_escape(fieldValue); |
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
94 | if(fieldValueEscaped) { |
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
95 | net_printf(sn->csd, "<td>%s</td>\n", fieldValueEscaped); |
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
96 | FREE(fieldValueEscaped); |
607712fb3c66
escape html output in pg_query
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
272
diff
changeset
|
97 | } |
272
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
98 | } |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
99 | net_printf(sn->csd, "</tr>\n"); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
100 | } |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
101 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
102 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
103 | net_printf(sn->csd, "</table>\n"); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
104 | } else { |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
105 | net_printf(sn->csd, "<p>%s</p>\n", PQresStatus(PQresultStatus(result))); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
106 | } |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
107 | |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
108 | net_printf(sn->csd, "%s", "</body></html>\n"); |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
109 | |
278
38bf7b42b58c
implement pg_vfs_open
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
274
diff
changeset
|
110 | PQclear(result); |
38bf7b42b58c
implement pg_vfs_open
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
274
diff
changeset
|
111 | |
272
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
112 | return REQ_PROCEED; |
f210681d9dd0
add minimal working implementation for resourcepool_lookup()
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
113 | } |