Thread: [Patch] First buffer overflow fixes

[Patch] First buffer overflow fixes

From
Peter Eisentraut
Date:
Here's a small round of fixes for buffer overflows.  They are related to
the recent security announcement, namely that the make_string()
function doesn't check the size of the buffer.  The solution is mainly
based on the patch proposed by Martin Pitt at that time, namely to pass
the size of the buffer, but I'm leaning more in favor of dynamically
allocating buffers rather than using fixed-size arrays, so I used that
approach where possible.

Please inspect.  If no one objects I'll install this patch in a few
days.
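
The two approaches named in this message, passing the buffer size and allocating dynamically, combined in one function as an added example; this is not psqlodbc code and not the attached patch. The name make_string_checked, the bufsize parameter and the choice to return NULL instead of truncating are assumptions made for illustration; the (s, len, buf) argument order follows the make_string() signature visible in the diff context later in the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SQL_NTS (-3)    /* ODBC marker: s is NUL-terminated, measure it */

/* Hypothetical size-aware variant (assumption, not the project's API).
 * buf != NULL: copy into buf only if data plus terminator fit in bufsize.
 * buf == NULL: allocate exactly length + 1 bytes; caller must free().
 * With len > 0 the caller guarantees s holds at least len bytes. */
char *
make_string_checked(const char *s, int len, char *buf, size_t bufsize)
{
    size_t length;
    char  *str;

    if (s == NULL)
        return NULL;
    if (len == SQL_NTS)
        length = strlen(s);
    else if (len > 0)
        length = (size_t) len;
    else
        return NULL;
    if (length == 0)
        return NULL;

    if (buf != NULL)
    {
        if (length >= bufsize)      /* no room for the terminator */
            return NULL;            /* refuse instead of overflowing */
        str = buf;
    }
    else if ((str = malloc(length + 1)) == NULL)
        return NULL;

    memcpy(str, s, length);
    str[length] = '\0';
    return str;
}

int main(void)
{
    char fixed[8];                                  /* constructed sample */
    const char *in = "constructed-long-value";      /* 22 bytes, too long */
    char *dyn = make_string_checked(in, SQL_NTS, NULL, 0);
    printf("fixed: %s\n", make_string_checked(in, SQL_NTS, fixed, sizeof fixed) ? "copied" : "rejected");
    printf("dynamic: %s\n", dyn ? dyn : "(null)");
    free(dyn);
    return 0;
}
```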


Re: [Patch] First buffer overflow fixes

From
Peter Eisentraut
Date:
And here's the patch... :-)

On Friday, 9 July 2004 00:58, Peter Eisentraut wrote:
> Here's a small round of fixes for buffer overflows.  They are related to
> the recent security announcement, namely that the make_string()
> function doesn't check the size of the buffer.  The solution is mainly
> based on the patch proposed by Martin Pitt at that time, namely to pass
> the size of the buffer, but I'm leaning more in favor of dynamically
> allocating buffers rather than using fixed-size arrays, so I used that
> approach where possible.
>
> Please inspect.  If no one objects I'll install this patch in a few
> days.

Attachment

Re: [Patch] First buffer overflow fixes

From
"Dave Page"
Date:

> -----Original Message-----
> From: pgsql-odbc-owner@postgresql.org
> [mailto:pgsql-odbc-owner@postgresql.org] On Behalf Of Peter Eisentraut
> Sent: 09 July 2004 09:02
> To: pgsql-odbc@postgresql.org
> Subject: Re: [ODBC] [Patch] First buffer overflow fixes
>
> And here's the patch... :-)
>
> On Friday, 9 July 2004 00:58, Peter Eisentraut wrote:
> > Here's a small round of fixes for buffer overflows.  They are related
> > to the recent security announcement, namely that the make_string()
> > function doesn't check the size of the buffer.  The solution is mainly
> > based on the patch proposed by Martin Pitt at that time, namely to
> > pass the size of the buffer, but I'm leaning more in favor of
> > dynamically allocating buffers rather than using fixed-size arrays, so
> > I used that approach where possible.
> >
> > Please inspect.  If no one objects I'll install this patch in a few
> > days.

Looks OK to me - however I noticed a compiler warning in misc.c when
testing - the following patch fixes it:

Index: misc.c
===================================================================
RCS file: /usr/local/cvsroot/psqlodbc/psqlodbc/misc.c,v
retrieving revision 1.39
diff -u -r1.39 misc.c
--- misc.c    9 Dec 2003 10:01:38 -0000    1.39
+++ misc.c    9 Jul 2004 08:48:31 -0000
@@ -266,7 +266,7 @@
 char *
 make_string(const char *s, int len, char *buf)
 {
-    int            length;
+    unsigned int            length;
     char       *str;

     if (s && (len > 0 || (len == SQL_NTS && strlen(s) > 0)))
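Review bot: on the changed declaration of length, unsigned int quiets the signed/unsigned warning, but the strlen() call in the condition below returns size_t, so if length is later assigned from strlen(s) a value wider than unsigned int would still be narrowed; declaring it as size_t length would match the type it is compared against. Separately, the context line still shows make_string(const char *s, int len, char *buf) with no buffer size argument, so this diff is against revision 1.39 and should be re-checked against the overflow patch that passes the buffer size before both go in.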


Regards, Dave.