Possible memory trashing when raising some exceptions to signal failed security checks [CORE2858] #3243
Labels
affect-version: 2.1.0
affect-version: 2.1.1
affect-version: 2.1.2
affect-version: 2.1.3
affect-version: 2.5 Alpha 1
affect-version: 2.5 Beta 1
affect-version: 2.5 Beta 2
affect-version: 2.5 RC1
affect-version: 2.5 RC2
affect-version: 2.5 RC3
affect-version: 3.0 Initial
component: engine
fix-version: 2.1.4
fix-version: 2.5 RC3
fix-version: 3.0 Alpha 1
priority: major
type: bug
Submitted by: Claudio Valderrama C. (robocop)
Assigned to: Claudio Valderrama C. (robocop)
Here's an extract from two isql sessions:
F:\fb2dev\fbbuild\firebird25\temp\Win32\Debug\firebird\bin>isql -user sysdba
-pass masterkey
Use CONNECT or CREATE DATABASE to specify a database
SQL> create database 'testsec.fdb';
SQL> create user cvc password 'cpp';
SQL> create table t(a int);
SQL> grant update(a) on t to user cvc;
SQL> ^Z
F:\fb2dev\fbbuild\firebird25\temp\Win32\Debug\firebird\bin>isql TESTSEC.FDB
-user cvc -pass cpp
Database: TESTSEC.FDB, User: cvc
SQL> alter table t alter column a to "A2";
Statement failed, SQLSTATE = 42000
unsuccessful metadata update
-MODIFY RDB$RELATION_FIELDS failed
-no permission for control access to
-no permission for <Missing arg #1 - possibly status vector overflow> access
to <Missing arg #2 - possibly status vector overflow> <Missing arg #3 -
possibly status vector overflow>
SQL> ^Z
This is what happens in v3 and v2.5. Going backwards, v2.1 fails in a more elegant way:
SQL> alter table t alter column a to a2;
Statement failed, SQLCODE = -607
unsuccessful metadata update
-MODIFY RDB$RELATION_FIELDS failed
-no permission for control access to
-no permission for control access to @2? @3?
I didn't test v2.0 but I wouldn't be surprised if the message is screwed, too.
Commits: a2a6432 051e69c 753f914
The text was updated successfully, but these errors were encountered: