From: | "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk> |
---|---|
To: | "Peter Eisentraut" <peter_e(at)gmx(dot)net>, <pgsql-odbc(at)postgresql(dot)org> |
Subject: | Re: [Patch] First buffer overflow fixes |
Date: | 2004-07-09 08:52:15 |
Message-ID: | E7F85A1B5FF8D44C8A1AF6885BC9A0E40C390E@ratbert.vale-housing.co.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-odbc |
> -----Original Message-----
> From: pgsql-odbc-owner(at)postgresql(dot)org
> [mailto:pgsql-odbc-owner(at)postgresql(dot)org] On Behalf Of Peter Eisentraut
> Sent: 09 July 2004 09:02
> To: pgsql-odbc(at)postgresql(dot)org
> Subject: Re: [ODBC] [Patch] First buffer overflow fixes
>
> And here's the patch... :-)
>
> Am Freitag, 9. Juli 2004 00:58 schrieb Peter Eisentraut:
> > Here's a small round of fixes for buffer overflows. They
> are related
> > to the recent security announcement, namely that the make_string()
> > function doesn't check the size of the buffer. The
> solution is mainly
> > based on the patch proposed by Martin Pitt at that time, namely to
> > pass the size of the buffer, but I'm leaning more in favor of
> > dynamically allocating buffers rather than using fixed-size
> arrays, so
> > I used that approach where possible.
> >
> > Please inspect. If no one objects I'll install this patch in a few
> > days.
Looks OK to me - however I noticed a compiler warning in misc.c when
testing - the following patch fixes it:
Index: misc.c
===================================================================
RCS file: /usr/local/cvsroot/psqlodbc/psqlodbc/misc.c,v
retrieving revision 1.39
diff -u -r1.39 misc.c
--- misc.c 9 Dec 2003 10:01:38 -0000 1.39
+++ misc.c 9 Jul 2004 08:48:31 -0000
@@ -266,7 +266,7 @@
char *
make_string(const char *s, int len, char *buf)
{
- int length;
+ unsigned int length;
char *str;
if (s && (len > 0 || (len == SQL_NTS && strlen(s) > 0)))
Regards, Dave.
From | Date | Subject | |
---|---|---|---|
Next Message | Local Cuber | 2004-07-09 13:34:10 | Re: Emergent: get table names from SageLine50 by ODBC |
Previous Message | Peter Eisentraut | 2004-07-09 08:01:35 | Re: [Patch] First buffer overflow fixes |