From 11d6e84b8e5dadf35d3a6b19ba980583a6ff3144 Mon Sep 17 00:00:00 2001
From: "Jose M. Guisado" <jguisado@soleta.eu>
Date: Tue, 6 Apr 2021 12:52:07 +0200
Subject: #915 Avoid duplicate db entries in /create/image

/create/image adds an entry to the database for the given partition
image created when payload contains a "description" attribute. This
insertion into the database is lacking a check for duplicates, which are
not supported for the images table.

Add a prior duplicate check before inserting. Exit with -1 code if an
image with the same name is found.
---
 src/dbi.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/dbi.c b/src/dbi.c
index 3f97fee..df3cebe 100644
--- a/src/dbi.c
+++ b/src/dbi.c
@@ -134,6 +134,24 @@ int og_dbi_add_image(struct og_dbi *dbi, const struct og_image *image)
 	const char *msglog;
 	dbi_result result;
 
+	result = dbi_conn_queryf(dbi->conn,
+				 "SELECT nombreca FROM imagenes WHERE nombreca = '%s'",
+				 image->name);
+	if (!result) {
+		dbi_conn_error(dbi->conn, &msglog);
+		syslog(LOG_ERR, "failed to query database (%s:%d) %s\n",
+		       __func__, __LINE__, msglog);
+		return -1;
+	}
+
+	if (dbi_result_next_row(result)) {
+		syslog(LOG_ERR, "image creation attempt with already used image name (%s:%d)\n",
+		       __func__, __LINE__);
+		dbi_result_free(result);
+		return -1;
+	}
+	dbi_result_free(result);
+
 	result = dbi_conn_queryf(dbi->conn,
 				 "INSERT INTO imagenes (nombreca, "
 				 "descripcion, "
-- 
cgit v1.2.3-18-g5258