Issue Details (XML | Word | Printable)

Key: CORE-1405
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Alexander Peshkov
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Firebird Core

vulnerability in attach/create database when filename exceeds MAX_PATH_LEN

Created: 06/Aug/07 04:36 AM   Updated: 27/Mar/08 12:23 PM
Component/s: Engine
Affects Version/s: 1.0.3, 1.5.2, 1.5.3, 2.0.0, 1.5.4, 2.0.1
Fix Version/s: 2.1 Alpha 1, 2.0.2, 1.5.5

Time Tracking:
Not Specified

Environment: OS/platform independent


 Description  « Hide
Vulnerability was reported in admins list. In yValve create/attach calls still have fixed size buffers of MaxPathLen for database name, without checks for buffer size. In HEAD bug was fixed during regular cleanup.

 All   Comments   Work Log   Change History   Version Control   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alexander Peshkov added a comment - 06/Aug/07 04:37 AM
Fix was commited at the 1 of August 2007 as fix for unregistered bug.
Item added according to Dmitry's request.