Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 268231 Details for
Bug 358611
<dev-db/unixODBC-2.3.0-r1: possible buffer overrun in SQLDriverConnect() (CVE-2011-1145)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
fix patch
sqldriverconnect.patch (text/plain), 1.05 KB, created by
Alexandr Tiurin
on 2011-04-02 18:29:50 UTC
(
hide
)
Description:
fix patch
Filename:
MIME Type:
Creator:
Alexandr Tiurin
Created:
2011-04-02 18:29:50 UTC
Size:
1.05 KB
patch
obsolete
>http://bugs.gentoo.org/show_bug.cgi?id=358611 >--- unixODBC-2.3.0.orig/DriverManager/SQLDriverConnect.c 2011-04-02 21:56:19.889301819 +0400 >+++ unixODBC-2.3.0/DriverManager/SQLDriverConnect.c 2011-04-02 21:58:37.129102095 +0400 >@@ -639,7 +639,7 @@ > { > DMHDBC connection = (DMHDBC)hdbc; > struct con_struct con_struct; >- char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ 128 ]; >+ char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ INI_MAX_PROPERTY_VALUE + 1 ]; > char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ]; > char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ]; > SQLRETURN ret_from_connect; >@@ -944,7 +944,13 @@ > tsavefile = __get_attribute_value( &con_struct, "SAVEFILE" ); > if ( tsavefile ) > { >- strcpy( savefile, tsavefile ); >+ if ( strlen( tsavefile ) > INI_MAX_PROPERTY_VALUE ) { >+ memcpy( savefile, tsavefile, INI_MAX_PROPERTY_VALUE ); >+ savefile[ INI_MAX_PROPERTY_VALUE ] = '\0'; >+ } >+ else { >+ strcpy( savefile, tsavefile ); >+ } > } > else > {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=268231">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 358611
: 268231 |
268233
