
Re: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)]

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Martin Pitt <mpitt(at)debian(dot)org>, pgsql-bugs(at)postgresql(dot)org,pgsql-odbc(at)postgresql(dot)org
Cc: 247306(at)bugs(dot)debian(dot)org
Subject: Re: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)]
Date: 2004-05-13 17:43:09
Message-ID: 200405131943.09803.peter_e@gmx.net
Lists: pgsql-bugs, pgsql-odbc

Martin Pitt wrote:
> The problem is that make_string() in misc.c does not check whether
> the target buffer is big enough to hold the copied string.
>
> I added a bufsize parameter to make_string() and used it in all calls
> to it. I tried it with my php4 crash test script and now it works
> properly.

Silently truncating various pieces of information is probably not the 
right thing.  What are you truncating?  If it's a query string you 
might open yourself up to SQL-injection type problems.

Plus, the ODBC driver appears to have buffer overruns all over the 
place.  We need to replace every instance of strcpy, strcat, sprintf, 
make_string, and the various other feeble attempts with pqexpbuffer 
from libpq.  That's the only way to solve this problem once and for 
all.
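
The two behaviours contrasted in this message, as an added example that is not code from psqlODBC, libpq, or either poster: a fixed-size copy that silently truncates a query string, next to a buffer that grows to hold the whole input. The names `copy_truncating`, `GrowBuf` and `growbuf_append` are hypothetical, the query is a constructed sample, and `GrowBuf` only stands in for the idea of an expandable buffer; it is not the PQExpBuffer API.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Silent truncation, the behaviour questioned above (hypothetical helper). */
void copy_truncating(char *dst, size_t dstsize, const char *src)
{
    snprintf(dst, dstsize, "%s", src);      /* drops whatever does not fit */
}

/* Minimal growable string: a stand-in for the idea of an expandable buffer,
 * not the PQExpBuffer API from libpq. */
typedef struct { char *data; size_t len, cap; } GrowBuf;

int growbuf_append(GrowBuf *b, const char *src)
{
    size_t n = strlen(src);
    if (n > SIZE_MAX - b->len - 1)
        return -1;                          /* size computation would overflow */
    size_t need = b->len + n + 1;
    if (need > b->cap) {
        size_t ncap = b->cap ? b->cap : 16;
        while (ncap < need)
            ncap = (ncap > SIZE_MAX / 2) ? need : ncap * 2;
        char *p = realloc(b->data, ncap);
        if (p == NULL)
            return -1;                      /* old buffer is still valid */
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n + 1);   /* copies the terminating NUL too */
    b->len += n;
    return 0;
}

int main(void)
{
    const char *q = "DELETE FROM t WHERE id = 5";   /* constructed sample */
    char small[14];
    GrowBuf b = {0};
    copy_truncating(small, sizeof small, q);
    printf("truncated: \"%s\"\n", small);   /* a valid but different statement */
    if (growbuf_append(&b, "DELETE FROM t") == 0 && growbuf_append(&b, " WHERE id = 5") == 0)
        printf("growable:  \"%s\"\n", b.data);
    free(b.data);
    return 0;
}
```

The truncated copy is still syntactically valid SQL but has lost its WHERE clause, which is why a length cap on its own does not make the copy safe.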

