Home > mailing lists

Re: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)] - Mailing list pgsql-odbc

From	Peter Eisentraut
Subject	Re: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)]
Date	May 13, 2004 17:43:35
Msg-id	200405131943.09803.peter_e@gmx.net Whole thread Raw
Responses	Re: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)]
List	pgsql-odbc

Tree view

Martin Pitt wrote:
> The problem is that make_string() in misc.c does not check whether
> the target buffer is big enough to hold the copied string.
>
> I added a bufsize parameter to make_string() and used it in all calls
> to it. I tried it with my php4 crash test script and now it works
> properly.

Silently truncating various pieces of information is probably not the
right thing.  What are you truncating?  If it's a query string you
might open yourself up to SQL-injection type problems.

Plus, the ODBC driver appears to have buffer overruns all over the
place.  We need to replace every instance of strcpy, strcat, sprintf,
make_string, and the various other feeble attempts with pqexpbuffer
from libpq.  That's the only way to solve this problem once and for
all.

pgsql-odbc by date:

From: Peter Eisentraut
Date: 11 May 2004, 23:34:13
Subject: Re: [BUGS] Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)

From: Martin Pitt
Date: 13 May 2004, 23:53:04
Subject: Re: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)]

Re: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)] - Mailing list pgsql-odbc

Previous

Next