Return-Path: X-Original-To: apmail-apr-bugs-archive@www.apache.org Delivered-To: apmail-apr-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 28973C24D for ; Tue, 7 Aug 2012 16:46:08 +0000 (UTC) Received: (qmail 2446 invoked by uid 500); 7 Aug 2012 16:46:08 -0000 Delivered-To: apmail-apr-bugs-archive@apr.apache.org Received: (qmail 2429 invoked by uid 500); 7 Aug 2012 16:46:07 -0000 Mailing-List: contact bugs-help@apr.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@apr.apache.org Delivered-To: mailing list bugs@apr.apache.org Received: (qmail 2421 invoked by uid 99); 7 Aug 2012 16:46:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Aug 2012 16:46:07 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Aug 2012 16:46:06 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id C57A75C7B; Tue, 7 Aug 2012 16:45:45 +0000 (UTC) From: bugzilla@apache.org To: bugs@apr.apache.org Subject: [Bug 53676] New: Uninitialized memory access when parsing DBDParams in apr_dbd_freetds.c could lead to crashes Date: Tue, 07 Aug 2012 16:45:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: APR X-Bugzilla-Component: APR-util X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: mi+apache@aldan.algebra.com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@apr.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: priority bug_id assigned_to short_desc bug_severity classification op_sys reporter rep_platform bug_status version component product Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=53676 Priority: P2 Bug ID: 53676 Assignee: bugs@apr.apache.org Summary: Uninitialized memory access when parsing DBDParams in apr_dbd_freetds.c could lead to crashes Severity: normal Classification: Unclassified OS: All Reporter: mi+apache@aldan.algebra.com Hardware: All Status: NEW Version: 1.4.1 Component: APR-util Product: APR Created attachment 29183 --> https://issues.apache.org/bugzilla/attachment.cgi?id=29183&action=edit Fix parsing of DBDParams in apr_dbd_freetds.c DBDParams are expected to be strings like "username=foo,password=bar,server=doofus". The parsing code looks for the next =-sign first and then retracts back to find the beginning of the key (such as "username"). The current code skips before the very first key into uninitialized memory. The attached patch also adds a tiny bit of const-poisoning and the inclusion of , which is necessary, when compiling against real Sybase headers rather than FreeTDS (though FreeTDS supplies the header too). But the actual bug-fix is in the third (last) hunk of the patch. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org For additional commands, e-mail: bugs-help@apr.apache.org