From 61329042eff1ef99d5b1a0a23758b7376f4ced2c Mon Sep 17 00:00:00 2001
From: Bill Erickson
Date: Thu, 16 Aug 2012 15:40:58 -0400
Subject: [PATCH] Sanity check cstore limit/offset param values

Certain cstore calls (direct / json_query) that support limit/offset params called with a non-string / non-numeric value e.g. { "limit": null } result in a cstore segfault as it tries to call atoi(NULL) under the covers. This patch prevents this by verifying that the limit/offset values are actual strings or numbers (i.e. return a value from jsonObjectGetString) and not JSON_NULL, etc.

Signed-off-by: Bill Erickson
Signed-off-by: Lebbeous Fogle-Weekley
---
 Open-ILS/src/c-apps/oils_sql.c | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index 902a4e04c2..c9c1618dc0 100644
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -4910,12 +4910,16 @@ char* SELECT (
 if( limit ){
 const char* str = jsonObjectGetString( limit );
- buffer_fadd( sql_buf, " LIMIT %d", atoi( str ));
+ if (str) { // limit could be JSON_NULL, etc.
+ buffer_fadd( sql_buf, " LIMIT %d", atoi( str ));
+ }
 }
 if( offset ) {
 const char* str = jsonObjectGetString( offset );
- buffer_fadd( sql_buf, " OFFSET %d", atoi( str ));
+ if (str) {
+ buffer_fadd( sql_buf, " OFFSET %d", atoi( str ));
+ }
 }
 if( !(flags & SUBSELECT) )
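Review bot: The NULL guard added around `atoi( str )` in SELECT's limit and offset branches still accepts any string the caller sends: a non-numeric value such as `"abc"` is emitted as `LIMIT 0` (a silently empty result), a negative value is emitted as-is and PostgreSQL rejects a negative LIMIT/OFFSET, and a value outside the int range leaves atoi's result undefined. Parsing with strtol and emitting the clause only for a fully consumed, non-negative, in-range number closes these gaps; the same applies to the buildSELECT hunk that follows, so the helper below would serve both. Whether a rejected value should be logged or should fail the whole query depends on the callers, which are outside this hunk, and `<errno.h>`/`<limits.h>` must be in scope for the sketch below. Both enclosing functions, SELECT and buildSELECT, begin and end outside their hunks.
```c
if( limit ){
    const char* str = jsonObjectGetString( limit );
    if (str) { // limit could be JSON_NULL, etc.
        char* end = NULL;
        errno = 0;
        long n = strtol( str, &end, 10 );
        // emit only a clean, non-negative, in-range integer; anything else is dropped
        if( end != str && *end == '\0' && errno == 0 && n >= 0 && n <= INT_MAX ) {
            buffer_fadd( sql_buf, " LIMIT %ld", n );
        }
    }
}
/* … unchanged: offset branch follows the same shape … */
```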
@@ -5453,21 +5457,25 @@ static char* buildSELECT ( const jsonObject* search_hash, jsonObject* rest_of_qu
 const jsonObject* limit = jsonObjectGetKeyConst( rest_of_query, "limit" );
 if( limit ) {
 const char* str = jsonObjectGetString( limit );
- buffer_fadd(
- sql_buf,
- " LIMIT %d",
- atoi(str)
- );
+ if (str) {
+ buffer_fadd(
+ sql_buf,
+ " LIMIT %d",
+ atoi(str)
+ );
+ }
 }
 const jsonObject* offset = jsonObjectGetKeyConst( rest_of_query, "offset" );
 if( offset ) {
 const char* str = jsonObjectGetString( offset );
- buffer_fadd(
- sql_buf,
- " OFFSET %d",
- atoi( str )
- );
+ if (str) {
+ buffer_fadd(
+ sql_buf,
+ " OFFSET %d",
+ atoi( str )
+ );
+ }
 }
 }
-- 
2.43.2