History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES       PLANNING BOARD   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: CORE-1405
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Alexander Peshkov
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Firebird Core

vulnerability in attach/create database when filename exceeds MAX_PATH_LEN

Created: 06/Aug/07 04:36 AM   Updated: 27/Mar/08 12:23 PM
Component/s: Engine
Affects Version/s: 2.0.1, 1.5.4, 2.0.0, 1.5.3, 1.5.2, 1.0.3
Fix Version/s: 2.0.2, 2.1 Alpha 1, 1.5.5

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown
Environment: OS/platform independent

Resolution Date: 06/Aug/07


 Description  « Hide
Vulnerability was reported in admins list. In yValve create/attach calls still have fixed size buffers of MaxPathLen for database name, without checks for buffer size. In HEAD bug was fixed during regular cleanup.

 All   Comments   Work Log   Change History   Version Control      Sort Order:
[ Permlink | « Hide ]
Alexander Peshkov - [06/Aug/07 04:37 AM ]
Fix was commited at the 1 of August 2007 as fix for unregistered bug.
Item added according to Dmitry's request.


Powered by a free Atlassian JIRA non-profit license for Firebird. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.8.1-#210) - Bug/feature request - Contact Administrators