Buffer overrun when querying for database info on very long path through isc_database_info() API call. [CORE1447] #1865
Comments
Commented by: Claudio Valderrama C. (robocop)
I modified isql's show.epp in the following way:
- Preprocessed, compiled isql and did the command SHOW DATABASE. Nothing strange.
- Connected with isql and did SHOW DATABASE again. This time the engine crashes. No surprise, since it's writing more than 300 bytes into a 256-byte array.
Modified by: @AlexPeshkoff
assignee: Alexander Peshkov [ alexpeshkoff ]
Modified by: Claudio Valderrama C. (robocop)
assignee: Alexander Peshkov [ alexpeshkoff ] => Claudio Valderrama C. [ robocop ]
Modified by: Claudio Valderrama C. (robocop)
status: Open [ 1 ] => Resolved [ 5 ]
resolution: Fixed [ 1 ]
Fix Version: 2.1 Beta 2 [ 10190 ]
Commented by: @pcisar
Shouldn't we backport this to 2.0?
Modified by: Claudio Valderrama C. (robocop)
status: Resolved [ 5 ] => Reopened [ 4 ]
resolution: Fixed [ 1 ] =>
Commented by: Claudio Valderrama C. (robocop)
Backported to v2.0.X as well.
Modified by: Claudio Valderrama C. (robocop)
status: Reopened [ 4 ] => Resolved [ 5 ]
resolution: Fixed [ 1 ]
Fix Version: 1.5.5 [ 10220 ]
Fix Version: 2.0.4 [ 10211 ]
Modified by: @pcisar
status: Resolved [ 5 ] => Closed [ 6 ]
Modified by: @pcisar
Workflow: jira [ 13020 ] => Firebird [ 13920 ]
Modified by: @pavel-zotov
QA Status: No test
Submitted by: Claudio Valderrama C. (robocop)
Assigned to: Claudio Valderrama C. (robocop)
It's possible to cause a buffer overrun by just creating a db on a long path.
When asking information about it through isc_database_info(), an internal buffer is saturated without checking bounds.
Commits: 8edad4b 5fcb8df b18b0ee
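The kind of bounds check the report says was missing, as an added C example; it is not Firebird's code and not the fix from the commits listed above. The tag values, the function names and the tag/length/data layout are assumptions made for illustration, and the path is constructed input sized to match the 256-byte buffer mentioned in the comment.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical tag values for this example, not copied from Firebird's headers. */
enum { INFO_END = 1, INFO_TRUNCATED = 2, INFO_DB_PATH = 4 };

/* Append tag, 2-byte little-endian length and data at *pos, keeping one byte
   free for the closing marker. Returns 1 if written, 0 if it does not fit. */
static int put_item(unsigned char *buf, size_t cap, size_t *pos,
                    unsigned char tag, const void *data, size_t len)
{
    if (len > 0xFFFF || *pos > cap || cap - *pos < 1 + 2 + len + 1) return 0;
    buf[(*pos)++] = tag;
    buf[(*pos)++] = (unsigned char)(len & 0xFF);
    buf[(*pos)++] = (unsigned char)(len >> 8);
    memcpy(buf + *pos, data, len);
    *pos += len;
    return 1;
}

/* Answer a path query into the caller's buffer. Returns bytes written; the
   last byte is INFO_END, or INFO_TRUNCATED when the path did not fit. */
size_t answer_db_path(unsigned char *buf, size_t cap, const char *path)
{
    size_t pos = 0;
    if (cap == 0) return 0;
    int ok = put_item(buf, cap, &pos, INFO_DB_PATH, path, strlen(path));
    buf[pos++] = ok ? INFO_END : INFO_TRUNCATED;
    return pos;
}

/* Constructed input: a path of path_len 'a' bytes, queried through a 256-byte
   buffer with a guard byte behind it. Returns the closing marker, or -1 if
   the guard byte was overwritten. */
int query_with_path_len(size_t path_len)
{
    static char path[1024];
    struct { unsigned char buf[256]; unsigned char guard; } r;
    if (path_len >= sizeof path) return -1;
    memset(path, 'a', path_len);
    path[path_len] = '\0';
    r.guard = 0xA5;
    size_t n = answer_db_path(r.buf, sizeof r.buf, path);
    return r.guard == 0xA5 ? r.buf[n - 1] : -1;
}

int main(void)
{
    printf("100: %d, 300: %d\n", query_with_path_len(100), query_with_path_len(300));
    return 0;
}
```

A caller that sees the truncation marker can retry with a larger buffer instead of trusting a partial answer.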