Issue Details (XML | Word | Printable)

Key: CORE-1405
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Alexander Peshkov
Votes: 0
Watchers: 0

If you were logged in you would be able to see more operations.
Firebird Core

vulnerability in attach/create database when filename exceeds MAX_PATH_LEN

Created: 06/Aug/07 04:36 AM   Updated: 20/Aug/16 06:28 PM
Component/s: Engine
Affects Version/s: 1.0.3, 1.5.2, 1.5.3, 2.0.0, 1.5.4, 2.0.1
Fix Version/s: 2.1 Alpha 1, 2.0.2, 1.5.5

Environment: OS/platform independent

QA Status: Not enough information

 Description  « Hide
Vulnerability was reported in admins list. In yValve create/attach calls still have fixed size buffers of MaxPathLen for database name, without checks for buffer size. In HEAD bug was fixed during regular cleanup.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alexander Peshkov added a comment - 06/Aug/07 04:37 AM
Fix was commited at the 1 of August 2007 as fix for unregistered bug.
Item added according to Dmitry's request.