Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible buffer overflow in client library in Attachment::getInfo() call [CORE6432] #6669

Closed
firebird-automations opened this issue Oct 28, 2020 · 5 comments
Closed

Possible buffer overflow in client library in Attachment::getInfo() call [CORE6432] #6669

firebird-automations opened this issue Oct 28, 2020 · 5 comments
Assignees
@AlexPeshkoff
Labels
affect-version: 2.5.9 affect-version: 3.0.0 affect-version: 3.0.1 affect-version: 3.0.2 affect-version: 3.0.3 affect-version: 3.0.4 affect-version: 3.0.5 affect-version: 3.0.6 affect-version: 3.0.7 affect-version: 4.0 Alpha 1 affect-version: 4.0 Beta 1 affect-version: 4.0 Beta 2 affect-version: 4.0 Initial component: api / client library fix-version: 3.0.8 fix-version: 4.0 RC 1 priority: major qa: cannot be tested type: bug

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @AlexPeshkoff

The loop in merge.cpp:72 expects the `in` buffer to eventually contain either isc_info_end, isc_info_truncated or isc_info_implementation, and will otherwise read out of buffer bounds with good chance for access violation.

With correctly working providers chances to get that error are very low, but it can happen in case of bug in provider (on server) or malware server replacement (on client).

Commits: ea6dc2a f88c95a
@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

summary: Possible buffer overflow in client library => Possible buffer overflow in client library in Attachment::getInfo() call

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 4.0 RC 1 [ 10930 ]

Fix Version: 3.0.8 [ 10960 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Cannot be tested

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlexPeshkoff AlexPeshkoff

Labels
affect-version: 2.5.9 affect-version: 3.0.0 affect-version: 3.0.1 affect-version: 3.0.2 affect-version: 3.0.3 affect-version: 3.0.4 affect-version: 3.0.5 affect-version: 3.0.6 affect-version: 3.0.7 affect-version: 4.0 Alpha 1 affect-version: 4.0 Beta 1 affect-version: 4.0 Beta 2 affect-version: 4.0 Initial component: api / client library fix-version: 3.0.8 fix-version: 4.0 RC 1 priority: major qa: cannot be tested type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AlexPeshkoff @firebird-automations