Issue Details (XML | Word | Printable)

Key: CORE-1440
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Claudio Valderrama C.
Reporter: Claudio Valderrama C.
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Dangerous lack of validation for transaction options

Created: 04/Sep/07 01:44 AM   Updated: 29/Dec/07 05:42 AM
Component/s: Engine
Affects Version/s: 1.0.3, 1.5.2, 1.5.3, 2.0.0, 1.5.4, 2.0.1, 2.0.2
Fix Version/s: 2.1 Beta 2

Time Tracking:
Original Estimate: 2 hours
Original Estimate - 2 hours
Remaining Estimate: 2 hours
Remaining Estimate - 2 hours
Time Spent: Not Specified
Remaining Estimate - 2 hours

Environment: Platform neutral/independent
Issue Links:
Relate


 Description  « Hide
In tra.cpp:transaction_options() we supposedly parse and validate transaction options given in a TPB. However, we have left alive the old bugs coming from IB for years. Example:
- it's possible to make engine read past the end of the TPB stream (for example, giving a table with length indicator being bigger than the remaining bytes in the TPB stream)
- it's possible to select options that conflict with other related options (for example, rec_version & no_rec_version without read_committed)
- it's possible to select conflicting options inside the same category (for example, both read_committed and snapshot, read_only v/s write right for the txn)
- it's possible to put options that only make sense after a relation, before any relation is specified. They will be ignored silently (for example, isc_tpb_protected)
- it's possible to make the engine read trash for the isc_tpb_lock_timeout tag's numeric parameter.


 All   Comments   Work Log   Change History   Version Control   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Claudio Valderrama C. added a comment - 18/Sep/07 02:03 AM
Validations were implemented, but we allow rec_version/no_rec_version before or after RC isolation level.