Access to children of multiple transaction [CORE1789] #2215
Comments
Commented by: @dyemanov Do you want sub-transactions to have non-public handles? Or do you have problems with the range scan hack? The latter is by design, FWIW (although there's no guarantee you will be so lucky under high load).
Commented by: @ibprovider I want to obtain the error "invalid transaction handle" when non-public transaction handles are used with the public API.
Commented by: @AlexPeshkoff What is described here is not a vulnerability. I agree that the API should be able to protect from crazy errors (like a NULL pointer when non-NULL is expected, etc.). But what you suggest here (scanning a range of handles from M to N) looks more like an attack on a remote site, not use of the API, when you work with your _own_ set of transactions. Why in the hell would any user try to find and use subhandles of his own, legally started transaction? If he wants to break his application inside an API call, there are a lot of much simpler ways to do it - just use not NULL, but an invalid pointer :)
Commented by: @ibprovider The test for this problem has about 100 lines. Correction of this problem (I think) will have fewer than 100 lines. Or [more private case]
Commented by: @AlexPeshkoff Dmitry, if it were a real problem we would take measures to fix it. But I see no problems here at all.
Submitted by: @ibprovider
fbclient.dll allows access to internal transactions created by a multiple transaction
Scenario
1. Create two connections: cn1, cn2
2. Start single transaction1 (cn1)
3. Start a multiple transaction (cn1 and cn2)
4. Start single transaction2 (cn1)
5. Scan the handles in the range (transaction1_handle, transaction2_handle). Exclude the handle of the multiple transaction
The newly obtained handles can be used as separate transaction handles.
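The check requested in this issue, sketched as an added example that is not part of the thread and not fbclient code: a public-API lookup that answers "invalid transaction handle" for sub-transaction handles the caller was never given. The table layout, all function names and the sequential handle allocation are assumptions made for illustration.

```c
/* Hypothetical handle table; names are not fbclient's real internals. */
enum { MAX_HANDLES = 64, ERR_BAD_TRANS_HANDLE = -1 };
typedef struct {
    int in_use;
    int is_public;  /* 0 = internal sub-transaction of a multiple transaction */
    int parent;     /* owning multiple-transaction handle, 0 if none */
} tr_slot;
static tr_slot table[MAX_HANDLES];
static int next_handle = 1;  /* assumption: handles are allocated sequentially */

static int alloc_handle(int is_public, int parent)
{
    if (next_handle >= MAX_HANDLES)
        return ERR_BAD_TRANS_HANDLE;
    int h = next_handle++;
    table[h] = (tr_slot){ 1, is_public, parent };
    return h;
}

/* Transaction on one connection: a single public handle. */
int start_single(void) { return alloc_handle(1, 0); }

/* Transaction spanning n connections: one public handle plus n internal
   sub-transaction handles drawn from the same handle space. */
int start_multiple(int n_connections)
{
    int parent = alloc_handle(1, 0);
    for (int i = 0; parent > 0 && i < n_connections; i++)
        if (alloc_handle(0, parent) < 0)
            return ERR_BAD_TRANS_HANDLE;
    return parent;
}

/* Public API entry check: only handles that were returned to the caller
   resolve; internal ones fail exactly like an unknown handle. */
int public_lookup(int handle, tr_slot **out)
{
    if (handle <= 0 || handle >= MAX_HANDLES ||
        !table[handle].in_use || !table[handle].is_public)
        return ERR_BAD_TRANS_HANDLE;
    *out = &table[handle];
    return 0;
}

/* Number of handles strictly between lo and hi that the public API accepts. */
int count_accepted(int lo, int hi)
{
    int n = 0;
    tr_slot *s;
    for (int h = lo + 1; h < hi; h++)
        n += (public_lookup(h, &s) == 0);
    return n;
}
```

Replaying the scenario's steps against this table, the range between the two single-transaction handles yields only the multiple transaction's own handle.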