apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r1079901 - /apr/apr/trunk/dbd/apr_dbd_odbc.c
Date Wed, 09 Mar 2011 17:26:11 GMT
Author: trawick
Date: Wed Mar  9 17:26:11 2011
New Revision: 1079901

URL: http://svn.apache.org/viewvc?rev=1079901&view=rev
Log:
apr_dbd odbc: Fix stack buffer overwrite when an unexpected 
number of parameters is passed to open.

Modified:
    apr/apr/trunk/dbd/apr_dbd_odbc.c

Modified: apr/apr/trunk/dbd/apr_dbd_odbc.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/dbd/apr_dbd_odbc.c?rev=1079901&r1=1079900&r2=1079901&view=diff
==============================================================================
--- apr/apr/trunk/dbd/apr_dbd_odbc.c (original)
+++ apr/apr/trunk/dbd/apr_dbd_odbc.c Wed Mar  9 17:26:11 2011
@@ -819,7 +819,7 @@ static apr_status_t odbc_parse_params(ap
                                int *defaultBufferSize, int *nattrs,
                                int **attrs, int **attrvals)
 {
-    char *seps, *last, *name[MAX_PARAMS], *val[MAX_PARAMS];
+    char *seps, *last, *next, *name[MAX_PARAMS], *val[MAX_PARAMS];
     int nparams = 0, i, j;
 
     *attrs = apr_pcalloc(pool, MAX_PARAMS * sizeof(char *));
@@ -839,8 +839,18 @@ static apr_status_t odbc_parse_params(ap
         }
         val[nparams] = apr_strtok(NULL, seps, &last);
         seps = DEFAULTSEPS;
-        name[++nparams] = apr_strtok(NULL, seps, &last);
-    } while (nparams <= MAX_PARAMS && name[nparams] != NULL);
+
+        ++nparams;
+        next = apr_strtok(NULL, seps, &last);
+        if (!next) {
+            break;
+        }
+        if (nparams >= MAX_PARAMS) {
+            /* too many parameters, no place to store */
+            return APR_EGENERAL;
+        }
+        name[nparams] = next;
+    } while (1);
 
     for (j = i = 0; i < nparams; i++) {
         if (!apr_strnatcasecmp(name[i], "CONNECT")) {



Mime
View raw message