Discussion: SQLGetInfo buffer overflow?

SQLGetInfo buffer overflow?

From
Tom Lane
Date:
Anyone have a comment on
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178925

            regards, tom lane

Re: SQLGetInfo buffer overflow?

From
Ludek Finstrle
Date:
Wed, Jan 25, 2006 at 11:52:13AM -0500, Tom Lane wrote:
> Anyone have a comment on
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178925

I see no problem without Unicode support. I'm not sure about the Unicode version.

RETCODE SQL_API PGAPI_GetInfo(
  HDBC hdbc,
  UWORD fInfoType,             // 18
  PTR rgbInfoValue,            // output buffer
  SWORD cbInfoValueMax,        // size of output buffer
  SWORD FAR * pcbInfoValue)    // returned length
{
  char  *p = NULL,
        tmp[MAX_INFO_STRING];
  int   len = 0;

...

  switch (fInfoType) {
    case SQL_DBMS_VER:
      snprintf(tmp, sizeof(tmp) - 1, "%s %s", POSTGRESDRIVERVERSION, conn->pg_version);
      tmp[sizeof(tmp) - 1] = '\0';
      p = tmp;
      break;

...
  }

  result = SQL_SUCCESS;

  if (p) {
    len = strlen(p);
#ifdef  UNICODE_SUPPORT
    if (conn->unicode)
      len = len * WCLEN;
#endif
    if (rgbInfoValue) {
#ifdef  UNICODE_SUPPORT
      if (conn->unicode)
        len = utf8_to_ucs2(p, len, (SQLWCHAR *) rgbInfoValue, cbInfoValueMax / 2);
      else
#endif
        strncpy_null((char *) rgbInfoValue, p, (size_t) cbInfoValueMax);

      if (len >= cbInfoValueMax) {
        result = SQL_SUCCESS_WITH_INFO;
        CC_set_error(conn, CONN_TRUNCATED, "The buffer was too small for the InfoValue.");
      }
    }
  }

...

  if (pcbInfoValue)
    *pcbInfoValue = len;

  mylog("%s: p='%s', len=%d, value=%d, cbMax=%d\n", func, p ? p : "<NULL>", len, value, cbInfoValueMax);

  return result;
}

I have no time for this issue until next week. The code is located
in info.c.

Regards,

Luf
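The buffer contract that the PGAPI_GetInfo excerpt above relies on (every write is bounded by the caller's cbInfoValueMax, the output is always NUL-terminated, the length of the whole value is reported so the caller can retry with a larger buffer, and a buffer that cannot hold the value is signalled as truncation rather than overrun) is easier to check in isolation. The following is an added, stand-alone C example and not psqlodbc's code: get_info_narrow, get_info_wide, copy_null and the INFO_* codes are hypothetical stand-ins for the ODBC entry point, strncpy_null, utf8_to_ucs2 and the SQL_SUCCESS* return codes, and the wide path widens ASCII one byte per UCS-2 unit instead of doing real UTF-8 conversion.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for SQL_SUCCESS / SQL_SUCCESS_WITH_INFO (added example). */
#define INFO_SUCCESS           0
#define INFO_SUCCESS_WITH_INFO 1

/* Copy at most cap bytes (including the terminator) of src into dst and
 * always NUL-terminate; plays the role of strncpy_null() in the excerpt. */
static void copy_null(char *dst, const char *src, size_t cap)
{
    if (cap == 0)
        return;
    size_t n = strlen(src);
    if (n >= cap)
        n = cap - 1;             /* leave room for the terminator */
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Narrow path: out_max is the caller's buffer size in bytes. *needed receives
 * the length of the full value, whether or not it fit; the return code says
 * whether the copy was truncated. A NULL buffer is a pure size query. */
int get_info_narrow(const char *value, char *out, int16_t out_max, int16_t *needed)
{
    int len = (int) strlen(value);
    int rc = INFO_SUCCESS;

    if (out && out_max > 0) {
        copy_null(out, value, (size_t) out_max);
        if (len >= out_max)      /* same test as the excerpt: no room for the NUL */
            rc = INFO_SUCCESS_WITH_INFO;
    }
    if (needed)
        *needed = (int16_t) len;
    return rc;
}

/* UCS-2 path: the byte size is halved to get the number of 16-bit units, as
 * the excerpt does with cbInfoValueMax / 2, and the reported length is in
 * bytes (strlen * WCLEN). ASCII is widened 1:1 here as a simplification. */
int get_info_wide(const char *value, uint16_t *out, int16_t out_max_bytes, int16_t *needed_bytes)
{
    int chars = (int) strlen(value);
    int len_bytes = chars * 2;
    int rc = INFO_SUCCESS;

    if (out && out_max_bytes >= 2) {
        int cap = out_max_bytes / 2;             /* units available, terminator included */
        int n = chars < cap ? chars : cap - 1;   /* never write past the caller's buffer */
        for (int i = 0; i < n; i++)
            out[i] = (uint16_t) (unsigned char) value[i];
        out[n] = 0;
        if (len_bytes >= out_max_bytes)
            rc = INFO_SUCCESS_WITH_INFO;
    }
    if (needed_bytes)
        *needed_bytes = (int16_t) len_bytes;
    return rc;
}

int main(void)
{
    /* Constructed sample value; the real driver builds it from its own version strings. */
    const char *dbms_ver = "08.01.0106 PostgreSQL 8.1.2";
    char small[8];
    int16_t need = 0;

    int rc = get_info_narrow(dbms_ver, small, (int16_t) sizeof small, &need);
    printf("narrow: rc=%d out='%s' needed=%d\n", rc, small, need);

    uint16_t wsmall[8];
    rc = get_info_wide(dbms_ver, wsmall, (int16_t) sizeof wsmall, &need);
    printf("wide:   rc=%d units=%zu needed_bytes=%d\n", rc, sizeof wsmall / 2, need);

    rc = get_info_narrow(dbms_ver, NULL, 0, &need);
    printf("size query: rc=%d needed=%d\n", rc, need);
    return 0;
}
```

The size-query call (NULL buffer, size 0) reports the length without writing anything, and in every call the reported length is that of the whole value, so it can legitimately exceed the buffer size; a caller that treats it as the number of bytes actually written will read past the terminator. The truncation test len >= out_max mirrors the excerpt's check and fires exactly when the terminator no longer fits.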

unsubscribe

From
"Przemyslaw Slupkowski"
Date:
unsubscribe

Re: SQLGetInfo buffer overflow?

From
Ludek Finstrle
Date:
Wed, Jan 25, 2006 at 06:16:22PM +0100, Ludek Finstrle wrote:
> Wed, Jan 25, 2006 at 11:52:13AM -0500, Tom Lane wrote:
> > Anyone have a comment on
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178925
>
> I see no problem without Unicode support. I'm not sure about the Unicode version.

I tested the Unicode driver 08.01.0106 on CentOS 4.2 x86_64 without any such problem.
I have no Fedora 4 x86_64 to test it on.

Perl code to test (it needs DBD::ODBC):

use DBI;

my $dbh = DBI->connect('dbi:ODBC:<DSN>','username','password');
print $dbh->func(18, 'GetInfo');
$dbh->disconnect;

Could someone test it with Fedora 4 on x86_64?

Thanks,

Luf

Re: SQLGetInfo buffer overflow?

From
Tom Lane
Date:
Ludek Finstrle <luf@pzkagis.cz> writes:
> Wed, Jan 25, 2006 at 06:16:22PM +0100, Ludek Finstrle wrote:
>> Wed, Jan 25, 2006 at 11:52:13AM -0500, Tom Lane wrote:
>>> Anyone have a comment on
>>> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178925
>>
>> I see no problem without Unicode support. I'm not sure about the Unicode version.
> I tested the Unicode driver 08.01.0106 on CentOS 4.2 x86_64 without any such problem.

Argh, false alarm: the reporter was *not* using psqlodbc, he was using
the ancient and unmaintained version embedded in the unixODBC package.
That predates the bug fix applied here:
http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/psqlodbc/psqlodbc/info.c.diff?r1=1.89&r2=1.90

Sorry for the noise.

            regards, tom lane