Skip site navigation (1) Skip section navigation (2)

Re: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: 247306(at)bugs(dot)debian(dot)org, pgsql-bugs(at)postgresql(dot)org,Martin Pitt <martin(at)piware(dot)de>
Cc: pgsql-odbc(at)postgresql(dot)org
Subject: Re: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)
Date: 2004-05-11 23:31:37
Message-ID: 200405120130.16067.peter_e@gmx.net (view raw or flat)
Thread:
Lists: pgsql-bugspgsql-odbc
Martin Pitt wrote:
> A week ago we at Debian received the bug report below: due to a
> buffer overflow in psqlodbc it is possible to crash (and possibly
> exploit) apache. I already sent this mail to the psqlodbc list [1],
> but unfortunately got no response so far. So maybe there are some
> hackers here who can help with this?

The problem is that the ODBC driver just writes the long user name or 
password into its internal data structures without paying attention the 
fact that it's only got 256 bytes of space.  (function PGAPI_Connect in 
file connection.c)  It's the oldest bug in the book really.


In response to

Responses

pgsql-odbc by date

Next:From: Martin PittDate: 2004-05-11 23:47:09
Subject: Re: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)
Previous:From: Thomas LeBlancDate: 2004-05-11 22:36:16
Subject: Updating a ADO RecordSet with INNER JOIN...

pgsql-bugs by date

Next:From: Martin PittDate: 2004-05-11 23:47:09
Subject: Re: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)
Previous:From: Tom LaneDate: 2004-05-11 20:54:04
Subject: Re: Bug in backend/lib/stringinfo.c:enlargeStringInfo()

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group