apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 53676] New: Uninitialized memory access when parsing DBDParams in apr_dbd_freetds.c could lead to crashes
Date Tue, 07 Aug 2012 16:45:45 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53676

          Priority: P2
            Bug ID: 53676
          Assignee: bugs@apr.apache.org
           Summary: Uninitialized memory access when parsing DBDParams in
                    apr_dbd_freetds.c could lead to crashes
          Severity: normal
    Classification: Unclassified
                OS: All
          Reporter: mi+apache@aldan.algebra.com
          Hardware: All
            Status: NEW
           Version: 1.4.1
         Component: APR-util
           Product: APR

Created attachment 29183
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29183&action=edit
Fix parsing of DBDParams in apr_dbd_freetds.c

DBDParams are expected to be strings like
"username=foo,password=bar,server=doofus". The parsing code looks for the next
=-sign first and then retracts back to find the beginning of the key (such as
"username"). The current code skips before the very first key into
uninitialized memory.

The attached patch also adds a tiny bit of const-poisoning and the inclusion of
<sybfront.h>, which is necessary, when compiling against real Sybase headers
rather than FreeTDS (though FreeTDS supplies the header too).

But the actual bug-fix is in the third (last) hunk of the patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org


Mime
View raw message