NederHost/Sebastiaan Hoogeveen
2016-May-11 20:49 UTC
[patch] Fix for returning NULL values in SQL dict lookups
Hi, I noticed a bug doing dict lookups on an SQLite database which had NULL values in its columns; a segmentation fault occurred, probably due to a null pointer dereference in str_tabescape. The problem is that sqlite3_column_text returns a null pointer for column values which are (SQL) NULL. It seems the other database drivers do something similar. The following patch makes the dict server check for null pointers and return a 'not found' reply in those cases (I changed the order around in the decision tree to avoid having to repeat return values): diff -Naur dovecot-2.2.24/src/dict/dict-commands.c dovecot-2.2.24-patched/src/dict/dict-commands.c --- dovecot-2.2.24/src/dict/dict-commands.c 2016-04-26 15:01:20.000000000 +0200 +++ dovecot-2.2.24-patched/src/dict/dict-commands.c 2016-05-11 22:04:06.000000000 +0200 @@ -83,14 +83,14 @@ { struct dict_connection_cmd *cmd = context; - if (result->ret > 0) { + if (result->ret > 0 && result->value) { cmd->reply = i_strdup_printf("%c%s\n", DICT_PROTOCOL_REPLY_OK, str_tabescape(result->value)); - } else if (result->ret == 0) { - cmd->reply = i_strdup_printf("%c\n", DICT_PROTOCOL_REPLY_NOTFOUND); - } else { + } else if (result->ret < 0) { i_error("%s", result->error); cmd->reply = i_strdup_printf("%c\n", DICT_PROTOCOL_REPLY_FAIL); + } else { + cmd->reply = i_strdup_printf("%c\n", DICT_PROTOCOL_REPLY_NOTFOUND); } dict_connection_cmds_flush(cmd->conn); } Kind regards, -- Sebastiaan Hoogeveen NederHost https://www.nederhost.nl/ KvK: 34099781
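Review bot: In the first branch, the condition `result->ret > 0 && result->value` makes a successful lookup whose column is SQL NULL fall through to the final `else`, so it is answered with DICT_PROTOCOL_REPLY_NOTFOUND, and nothing in the code says that this is intended. The final `else` now covers both `ret == 0` and `ret > 0` with a NULL value. A short comment there, or an explicit `else if (result->ret == 0 || result->value == NULL)`, would keep a later reorder from reintroducing the str_tabescape(NULL) crash. The check also protects only this callback: if NULL can reach result->value from the SQL drivers, as the description says, normalizing it where the lookup result is filled in would cover any other reader of result->value too. Writing the test as `result->value != NULL` would make the pointer comparison explicit.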
Timo Sirainen
2016-Jun-29 16:24 UTC
[patch] Fix for returning NULL values in SQL dict lookups
On 11 May 2016, at 23:49, NederHost/Sebastiaan Hoogeveen <s.hoogeveen at nederhost.nl> wrote:
>
> Hi,
>
> I noticed a bug doing dict lookups on an SQLite database which had NULL values in its columns; a segmentation fault occurred, probably due to a null pointer dereference in str_tabescape. The problem is that sqlite3_column_text returns a null pointer for column values which are (SQL) NULL. It seems the other database drivers do something similar. The following patch makes the dict server check for null pointers and return a 'not found' reply in those cases (I changed the order around in the decision tree to avoid having to repeat return values):

Fixed a bit differently: https://github.com/dovecot/core/commit/923ed5836f90175e736846f02edfd9c2ee07dc6b