From 9eb7b7ab656fa17bdab085db72a1c2d8a29103b1 Mon Sep 17 00:00:00 2001
From: Simone Mainardi <simonemainardi@gmail.com>
Date: Wed, 20 Apr 2016 14:45:57 +0200
Subject: [PATCH] Prevents possible MySQL errors caused by long queries

Maximum query size has been raised from 2048 to the hardcoded
constant CONST_MAX_SQL_QUERY_LEN that is currently equal
to 8192.

A warning message is generated when attempting to execute
queries longer than the maximum allowed values that would
be truncated.

Fixes #511
---
 src/MySQLDB.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/MySQLDB.cpp b/src/MySQLDB.cpp
index d5180aabc3..f9ac675077 100644
--- a/src/MySQLDB.cpp
+++ b/src/MySQLDB.cpp
@@ -32,16 +32,21 @@ static void* queryLoop(void* ptr) {
 void* MySQLDB::queryLoop() {
   Redis *r = ntop->getRedis();
   MYSQL mysql_alt;
+  char sql[CONST_MAX_SQL_QUERY_LEN];
 
   if(!connectToDB(&mysql_alt, true))
     return(NULL);
 
   while(!ntop->getGlobals()->isShutdown()) {
-    char sql[2048];
     int rc = r->lpop(CONST_SQL_QUEUE, sql, sizeof(sql));
 
     if(rc == 0) {
-      if(exec_sql_query(&mysql_alt, sql, true, true, false) < 0) {
+      if (strlen(sql) >= CONST_MAX_SQL_QUERY_LEN - 1){
+	ntop->getTrace()->traceEvent(TRACE_WARNING,
+				     "Tried to execute a query longer than %u. Skipping.",
+				     CONST_MAX_SQL_QUERY_LEN - 2);
+	continue;  // prevents overflown queries to generate mysql errors
+      } else if(exec_sql_query(&mysql_alt, sql, true, true, false) < 0) {
 	ntop->getTrace()->traceEvent(TRACE_ERROR, "MySQL error: %s", get_last_db_error(&mysql_alt));
 	ntop->getTrace()->traceEvent(TRACE_ERROR, "%s", sql);
 	mysql_close(&mysql_alt);