|
Lines 1-3
|
|
|
1 |
postgresql (7.2.1-2woody5) stable-security; urgency=low |
| 2 |
|
| 3 |
* Fixed buffer overflow in ODBC driver (src/interfaces/odbc/): |
| 4 |
added parameter for target buffer size to make_string() to prevent |
| 5 |
buffer overflows and corrected all calls to it. This fixes #247306 for |
| 6 |
woody (bug was already closed with the upload to sid). |
| 7 |
|
| 8 |
With previous versions it was possible to crash (and possibly exploit) |
| 9 |
e. g. apache if a PHP script connected to a ODBC database with very long |
| 10 |
credential strings (DSN, username, password, etc.). |
| 11 |
|
| 12 |
Other parts of postgresql are not affected. |
| 13 |
|
| 14 |
-- Martin Pitt <mpitt@debian.org> Thu, 13 May 2004 11:00:07 +0200 |
| 15 |
|
| 1 |
postgresql (7.2.1-2woody4) stable-security; urgency=low |
16 |
postgresql (7.2.1-2woody4) stable-security; urgency=low |
| 2 |
|
17 |
|
| 3 |
* Updated config/config.{guess,sub} to the recent woody version (building on |
18 |
* Updated config/config.{guess,sub} to the recent woody version (building on |
| 4 |
-- postgresql-7.2.1.orig/src/interfaces/odbc/connection.c |
19 |
++ postgresql-7.2.1/src/interfaces/odbc/connection.c |
|
Lines 105-111
|
| 105 |
|
105 |
|
| 106 |
ci = &conn->connInfo; |
106 |
ci = &conn->connInfo; |
| 107 |
|
107 |
|
| 108 |
make_string(szDSN, cbDSN, ci->dsn); |
108 |
make_string(szDSN, cbDSN, ci->dsn, sizeof(ci->dsn)); |
| 109 |
|
109 |
|
| 110 |
/* get the values for the DSN from the registry */ |
110 |
/* get the values for the DSN from the registry */ |
| 111 |
getDSNinfo(ci, CONN_OVERWRITE); |
111 |
getDSNinfo(ci, CONN_OVERWRITE); |
|
Lines 117-124
|
| 117 |
* override values from DSN info with UID and authStr(pwd) This only |
117 |
* override values from DSN info with UID and authStr(pwd) This only |
| 118 |
* occurs if the values are actually there. |
118 |
* occurs if the values are actually there. |
| 119 |
*/ |
119 |
*/ |
| 120 |
make_string(szUID, cbUID, ci->username); |
120 |
make_string(szUID, cbUID, ci->username,sizeof(ci->username)); |
| 121 |
make_string(szAuthStr, cbAuthStr, ci->password); |
121 |
make_string(szAuthStr, cbAuthStr, ci->password, sizeof(ci->password)); |
| 122 |
|
122 |
|
| 123 |
/* fill in any defaults */ |
123 |
/* fill in any defaults */ |
| 124 |
getDSNdefaults(ci); |
124 |
getDSNdefaults(ci); |
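Review bot: An over-long DSN, user name or password is silently truncated by these three `make_string()` calls, and the connection attempt carries on with the shortened value instead of failing. A truncated credential is a different value from the one the caller supplied, so the calls should at least carry a comment such as `/* NOTE: input longer than the ConnInfo field is truncated, not rejected */`, and preferably the function should return an error in that case. The same silent truncation applies to the `connStrIn` call in drvconn.c and to the `pktab`, `pk_table_needed` and `fk_table_needed` calls in info.c. `sizeof(ci->dsn)` and its siblings give the buffer size only if these ConnInfo members are arrays, which the hunks do not show, so confirm that none is a pointer. As a style point, `ci->username,sizeof(ci->username)` lacks the space after the comma that the neighbouring calls use; the enclosing function starts and ends outside these hunks.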
| 125 |
-- postgresql-7.2.1.orig/src/interfaces/odbc/drvconn.c |
125 |
++ postgresql-7.2.1/src/interfaces/odbc/drvconn.c |
|
Lines 91-97
|
| 91 |
return SQL_INVALID_HANDLE; |
91 |
return SQL_INVALID_HANDLE; |
| 92 |
} |
92 |
} |
| 93 |
|
93 |
|
| 94 |
make_string(szConnStrIn, cbConnStrIn, connStrIn); |
94 |
make_string(szConnStrIn, cbConnStrIn, connStrIn, sizeof(connStrIn)); |
| 95 |
|
95 |
|
| 96 |
mylog("**** PGAPI_DriverConnect: fDriverCompletion=%d, connStrIn='%s'\n", fDriverCompletion, connStrIn); |
96 |
mylog("**** PGAPI_DriverConnect: fDriverCompletion=%d, connStrIn='%s'\n", fDriverCompletion, connStrIn); |
| 97 |
qlog("conn=%u, PGAPI_DriverConnect( in)='%s', fDriverCompletion=%d\n", conn, connStrIn, fDriverCompletion); |
97 |
qlog("conn=%u, PGAPI_DriverConnect( in)='%s', fDriverCompletion=%d\n", conn, connStrIn, fDriverCompletion); |
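Review bot: The connection string copied into `connStrIn` is written verbatim to both logs by the `mylog` and `qlog` calls two lines below the changed call, and a DriverConnect string normally carries the UID and PWD attributes, so the password presumably ends up in the log files in clear text; the commit leaves this as it was. Logging only after the password attribute has been masked, or dropping `connStrIn` from the two format strings, would avoid that. Separately, a string cut at `sizeof(connStrIn) - 1` can end in the middle of an attribute, so whatever parses it after this hunk sees a partial key or value. Returning an error for over-long input would be cleaner than parsing the remainder. The body of PGAPI_DriverConnect starts and ends outside the hunk.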
| 98 |
-- postgresql-7.2.1.orig/src/interfaces/odbc/misc.h |
98 |
++ postgresql-7.2.1/src/interfaces/odbc/misc.h |
|
Lines 84-90
|
| 84 |
void remove_newlines(char *string); |
84 |
void remove_newlines(char *string); |
| 85 |
char *strncpy_null(char *dst, const char *src, int len); |
85 |
char *strncpy_null(char *dst, const char *src, int len); |
| 86 |
char *trim(char *string); |
86 |
char *trim(char *string); |
| 87 |
char *make_string(const char *s, int len, char *buf); |
87 |
char *make_string(const char *s, int len, char *buf, int bufsize); |
| 88 |
char *my_strcat(char *buf, const char *fmt, const char *s, int len); |
88 |
char *my_strcat(char *buf, const char *fmt, const char *s, int len); |
| 89 |
|
89 |
|
| 90 |
/* defines for return value of my_strcpy */ |
90 |
/* defines for return value of my_strcpy */ |
| 91 |
-- postgresql-7.2.1.orig/src/interfaces/odbc/misc.c |
91 |
++ postgresql-7.2.1/src/interfaces/odbc/misc.c |
|
Lines 222-233
|
| 222 |
/*------ |
222 |
/*------ |
| 223 |
* Create a null terminated string (handling the SQL_NTS thing): |
223 |
* Create a null terminated string (handling the SQL_NTS thing): |
| 224 |
* 1. If buf is supplied, place the string in there |
224 |
* 1. If buf is supplied, place the string in there |
| 225 |
* (assumes enough space) and return buf. |
225 |
* (at most bufsize-1 bytes) and return buf. |
| 226 |
* 2. If buf is not supplied, malloc space and return this string |
226 |
* 2. If buf is not supplied, malloc space and return this string; |
|
|
227 |
* (buflen is ignored in this case). |
| 227 |
*------ |
228 |
*------ |
| 228 |
*/ |
229 |
*/ |
| 229 |
char * |
230 |
char * |
| 230 |
make_string(const char *s, int len, char *buf) |
231 |
make_string(const char *s, int len, char *buf, int bufsize) |
| 231 |
{ |
232 |
{ |
| 232 |
int length; |
233 |
int length; |
| 233 |
char *str; |
234 |
char *str; |
|
Lines 238-243
|
| 238 |
|
239 |
|
| 239 |
if (buf) |
240 |
if (buf) |
| 240 |
{ |
241 |
{ |
|
|
242 |
if(length >= bufsize) |
| 243 |
length = bufsize-1; |
| 241 |
strncpy_null(buf, s, length + 1); |
244 |
strncpy_null(buf, s, length + 1); |
| 242 |
return buf; |
245 |
return buf; |
| 243 |
} |
246 |
} |
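Review bot: The clamp `if(length >= bufsize) length = bufsize-1;` assumes `bufsize` is at least 1. With a non-NULL `buf` and a `bufsize` of zero or less, `length + 1` becomes zero or negative before it reaches `strncpy_null()`, whose handling of such lengths is not visible here; negative lengths act as SQL_NTS-style sentinels in this API, so this deserves a check. A guard ahead of the clamp, e.g. `if (bufsize <= 0) return NULL;`, would make the contract explicit. The header comment says `(buflen is ignored in this case)` while the parameter is named `bufsize`; suggest `(bufsize is ignored in this case)` and a line stating that the copy into `buf` is truncated silently. How `length` is computed lies between the two hunks and is not shown.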
| 244 |
-- postgresql-7.2.1.orig/src/interfaces/odbc/info.c |
247 |
++ postgresql-7.2.1/src/interfaces/odbc/info.c |
|
Lines 1186-1192
|
| 1186 |
show_views = FALSE; |
1186 |
show_views = FALSE; |
| 1187 |
|
1187 |
|
| 1188 |
/* make_string mallocs memory */ |
1188 |
/* make_string mallocs memory */ |
| 1189 |
tableType = make_string(szTableType, cbTableType, NULL); |
1189 |
tableType = make_string(szTableType, cbTableType, NULL, 0); |
| 1190 |
if (tableType) |
1190 |
if (tableType) |
| 1191 |
{ |
1191 |
{ |
| 1192 |
strcpy(table_types, tableType); |
1192 |
strcpy(table_types, tableType); |
|
Lines 2086-2092
|
| 2086 |
* only use the table name... the owner should be redundant, and we |
2086 |
* only use the table name... the owner should be redundant, and we |
| 2087 |
* never use qualifiers. |
2087 |
* never use qualifiers. |
| 2088 |
*/ |
2088 |
*/ |
| 2089 |
table_name = make_string(szTableName, cbTableName, NULL); |
2089 |
table_name = make_string(szTableName, cbTableName, NULL, 0); |
| 2090 |
if (!table_name) |
2090 |
if (!table_name) |
| 2091 |
{ |
2091 |
{ |
| 2092 |
stmt->errormsg = "No table name passed to PGAPI_Statistics."; |
2092 |
stmt->errormsg = "No table name passed to PGAPI_Statistics."; |
|
Lines 2524-2530
|
| 2524 |
tbl_stmt = (StatementClass *) htbl_stmt; |
2524 |
tbl_stmt = (StatementClass *) htbl_stmt; |
| 2525 |
|
2525 |
|
| 2526 |
pktab[0] = '\0'; |
2526 |
pktab[0] = '\0'; |
| 2527 |
make_string(szTableName, cbTableName, pktab); |
2527 |
make_string(szTableName, cbTableName, pktab, sizeof(pktab)); |
| 2528 |
if (pktab[0] == '\0') |
2528 |
if (pktab[0] == '\0') |
| 2529 |
{ |
2529 |
{ |
| 2530 |
stmt->errormsg = "No Table specified to PGAPI_PrimaryKeys."; |
2530 |
stmt->errormsg = "No Table specified to PGAPI_PrimaryKeys."; |
|
Lines 2978-2985
|
| 2978 |
pk_table_needed[0] = '\0'; |
2978 |
pk_table_needed[0] = '\0'; |
| 2979 |
fk_table_needed[0] = '\0'; |
2979 |
fk_table_needed[0] = '\0'; |
| 2980 |
|
2980 |
|
| 2981 |
make_string(szPkTableName, cbPkTableName, pk_table_needed); |
2981 |
make_string(szPkTableName, cbPkTableName, pk_table_needed, sizeof(pk_table_needed)); |
| 2982 |
make_string(szFkTableName, cbFkTableName, fk_table_needed); |
2982 |
make_string(szFkTableName, cbFkTableName, fk_table_needed, sizeof(fk_table_needed)); |
| 2983 |
|
2983 |
|
| 2984 |
#ifdef MULTIBYTE |
2984 |
#ifdef MULTIBYTE |
| 2985 |
pkey_text = fkey_text = pkt_text = fkt_text = NULL; |
2985 |
pkey_text = fkey_text = pkt_text = fkt_text = NULL; |
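Review bot: The `strcpy(table_types, tableType);` directly after the first changed call (hunk at lines 1186-1192) is still unbounded. `tableType` is the malloc'd copy of the caller-supplied `szTableType`, so the application controls its length, while the size of `table_types` is fixed somewhere outside this hunk. The commit bounds the `make_string()` copies into fixed buffers but not this one. If `table_types` is a local array, `strncpy_null(table_types, tableType, sizeof(table_types));` would bound it, assuming `strncpy_null` always terminates the destination; otherwise compare `strlen(tableType)` with the destination size and return an error. The surrounding functions begin and end outside the hunks.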
| 2986 |
-- postgresql-7.2.1.orig/src/interfaces/odbc/execute.c |
2986 |
++ postgresql-7.2.1/src/interfaces/odbc/execute.c |
|
Lines 95-101
|
| 95 |
if (self->statement) |
95 |
if (self->statement) |
| 96 |
free(self->statement); |
96 |
free(self->statement); |
| 97 |
|
97 |
|
| 98 |
self->statement = make_string(szSqlStr, cbSqlStr, NULL); |
98 |
self->statement = make_string(szSqlStr, cbSqlStr, NULL, 0); |
| 99 |
if (!self->statement) |
99 |
if (!self->statement) |
| 100 |
{ |
100 |
{ |
| 101 |
self->errornumber = STMT_NO_MEMORY_ERROR; |
101 |
self->errornumber = STMT_NO_MEMORY_ERROR; |
|
Lines 146-152
|
| 146 |
* keep a copy of the un-parametrized statement, in case they try to |
146 |
* keep a copy of the un-parametrized statement, in case they try to |
| 147 |
* execute this statement again |
147 |
* execute this statement again |
| 148 |
*/ |
148 |
*/ |
| 149 |
stmt->statement = make_string(szSqlStr, cbSqlStr, NULL); |
149 |
stmt->statement = make_string(szSqlStr, cbSqlStr, NULL, 0); |
| 150 |
if (!stmt->statement) |
150 |
if (!stmt->statement) |
| 151 |
{ |
151 |
{ |
| 152 |
stmt->errornumber = STMT_NO_MEMORY_ERROR; |
152 |
stmt->errornumber = STMT_NO_MEMORY_ERROR; |
|
Lines 575-581
|
| 575 |
|
575 |
|
| 576 |
mylog("%s: entering...cbSqlStrIn=%d\n", func, cbSqlStrIn); |
576 |
mylog("%s: entering...cbSqlStrIn=%d\n", func, cbSqlStrIn); |
| 577 |
|
577 |
|
| 578 |
ptr = (cbSqlStrIn == 0) ? "" : make_string(szSqlStrIn, cbSqlStrIn, NULL); |
578 |
ptr = (cbSqlStrIn == 0) ? "" : make_string(szSqlStrIn, cbSqlStrIn, NULL, 0); |
| 579 |
if (!ptr) |
579 |
if (!ptr) |
| 580 |
{ |
580 |
{ |
| 581 |
conn->errornumber = CONN_NO_MEMORY_ERROR; |
581 |
conn->errornumber = CONN_NO_MEMORY_ERROR; |