Possible buffer overflow with long user name [CORE1603] #2024

Closed
firebird-automations opened this issue Nov 19, 2007 · 8 comments

@firebird-automations
Collaborator

Submitted by: @AlexPeshkoff

One more BOF with user name bigger than expected

Commits: 55d2569 d26f8cf 3e0d8eb

@firebird-automations
Collaborator Author

Commented by: @AlexPeshkoff

There is no control on the length of the user name, i.e. one passed in the DPB can be up to 255 bytes. The buffer for the user name, passed from getUserInfo() into verifyUser(), is 129 bytes long, but the first thing done by verifyUser() is copying the value from the DPB to that buffer, without any size check.

@firebird-automations
Collaborator Author

Commented by: @AlexPeshkoff

Reworked code to make it use class string instead of plain character buffer.

At the same time backported some cleanup in ISC_get_user() in WIN_NT.
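The two comments above describe an unchecked copy of a user name of up to 255 bytes into a 129-byte buffer, and a fix that replaces the buffer with a string object. The following is an added illustration of both remedies, not code from the Firebird commits. The parameter-block layout, `TAG_USER_NAME`, all function names, and the use of `std::string` in place of the project's string class are assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Assumed layout: repeated (tag, 1-byte length, data); TAG_USER_NAME is a constructed value.
constexpr std::uint8_t TAG_USER_NAME = 1;
constexpr std::size_t NAME_BUF_SIZE = 129;  // buffer size quoted in the issue

// Find the user-name item; false if it is absent or the block is truncated.
bool findUserName(const std::vector<std::uint8_t>& pb, const std::uint8_t*& data, std::size_t& len) {
    for (std::size_t i = 0; i + 2 <= pb.size(); i += 2 + pb[i + 1]) {
        const std::size_t n = pb[i + 1];
        if (i + 2 + n > pb.size()) return false;  // declared length overruns the block
        if (pb[i] == TAG_USER_NAME) { data = pb.data() + i + 2; len = n; return true; }
    }
    return false;
}

// The issue describes a copy of len bytes (up to 255) into NAME_BUF_SIZE bytes
// with no check. Fixed-buffer form with the check: reject names that do not fit.
bool copyUserNameChecked(const std::vector<std::uint8_t>& pb, char (&buf)[NAME_BUF_SIZE]) {
    const std::uint8_t* data = nullptr; std::size_t len = 0;
    if (!findUserName(pb, data, len) || len >= NAME_BUF_SIZE) return false;
    std::memcpy(buf, data, len);
    buf[len] = '\0';
    return true;
}

// String-object form (std::string standing in for the project's string class).
bool userNameAsString(const std::vector<std::uint8_t>& pb, std::string& out) {
    const std::uint8_t* data = nullptr; std::size_t len = 0;
    if (!findUserName(pb, data, len)) return false;
    out.assign(reinterpret_cast<const char*>(data), len);
    return true;
}

// Constructed sample block carrying a user name of nameLen bytes (0..255).
std::vector<std::uint8_t> makeBlock(std::size_t nameLen) {
    std::vector<std::uint8_t> pb{TAG_USER_NAME, static_cast<std::uint8_t>(nameLen)};
    pb.insert(pb.end(), nameLen, 'A');
    return pb;
}

int main() {
    char buf[NAME_BUF_SIZE];
    std::printf("128 fits: %d, 255 fits: %d\n", copyUserNameChecked(makeBlock(128), buf), copyUserNameChecked(makeBlock(255), buf));
}
```

With a string object the name's storage follows the input length, so any policy limit on user-name length has to be enforced as an explicit check rather than by the buffer size.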

@firebird-automations
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1 RC1 [ 10201 ]

Fix Version: 2.0.4 [ 10211 ]

@firebird-automations
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Collaborator Author

Modified by: @pcisar

Workflow: jira [ 13462 ] => Firebird [ 13954 ]

@firebird-automations
Collaborator Author

Commented by: @AlexPeshkoff

backported

@firebird-automations
Collaborator Author

Modified by: @AlexPeshkoff

Fix Version: 1.5.6 [ 10225 ]

@firebird-automations
Collaborator Author

Modified by: @pavel-zotov

QA Status: No test
