Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Buffer overflow on client when delivering events. [CORE2437] #2853

Closed
firebird-automations opened this issue Apr 17, 2009 · 12 comments
Closed

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @AlexPeshkoff

Is related to CORE2272

If for any reason badly formed list of events is used in isc_events_que(), it's sent to server and processed without any sanity checks (for server reads data after the end of passed buffer). As a result event with name, longer than expected, can be returned to client, passed to callback routine and cause BOF on client.

Commits: f6dae79 0b6e7f1 cd54e55

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

Link: This issue is related to CORE2272 [ CORE2272 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Bug was found when trying to reproduce CORE2272

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Open [ 1 ]

Target: 2.1.3, 2.0.6 [ 10302, 10303 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Added minimum sanity check for malformed EPB on server and check for size of received event notification on client.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5 RC1 [ 10300 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Reopened to add backporting info

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Resolved [ 5 ] => Reopened [ 4 ]

resolution: Fixed [ 1 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Reopened [ 4 ] => Reopened [ 4 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Reopened [ 4 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1.3 [ 10302 ]

Fix Version: 2.0.6 [ 10303 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

QA Status: No test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment