|
|
|
Sponsor |
Re: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: S: msg#00020db.postgresql.odbc
Hi! On 2004-05-13 19:43 +0200, Peter Eisentraut wrote: > Silently truncating various pieces of information is probably not the > right thing. But IMHO still better than overwriting arbitrary other data and code. If an user supplies bogus input, he cannot expect to get something sane out. > What are you truncating? By now: - DSN, username, password, and the whole connection string; - table names in info.c: make_string(szTableName, cbTableName, pktab, sizeof(pktab)); - Two calls in info.c: make_string(szPkTableName, cbPkTableName, pk_table_needed, sizeof(pk_table_needed)); make_string(szFkTableName, cbFkTableName, fk_table_needed, sizeof(fk_table_needed)); If these values should not be truncated, then psqlodbc should not use fixed buffer sizes. Currently truncating them is way more sane than letting them mess up the whole memory. > If it's a query string you might open yourself up to SQL-injection > type problems. I don't think that the patch affects whole query strings, but of course I may be wrong. The point of this patch was to fix the most apparent overflows with least possible changes, and after a week of silence on the lists I just had to do something about it. And now at least the connection and exec methods seem to work safely. > Plus, the ODBC driver appears to have buffer overruns all over the > place. We need to replace every instance of strcpy, strcat, sprintf, > make_string, and the various other feeble attempts with pqexpbuffer > from libpq. That's the only way to solve this problem once and for > all. I would be glad if the next psqlodbc version would be written in a sane way, without fixed string lengths and with a clear and safe string "class" interface. But doing this is far beyond the scope of a security patch (especially for Debian stable). One question: which mailing list is the better place to discuss this? -odbc or -bugs? Thanks and have a nice day! Martin -- Martin Pitt Debian GNU/Linux Developer martin@xxxxxxxxx mpitt@xxxxxxxxxx http://www.piware.de http://www.debian.org ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)], Peter Eisentraut |
|---|---|
| Next by Date: | psqlODBC driver does not work, Yury Koles |
| Previous by Thread: | Re: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)], Peter Eisentraut |
| Next by Thread: | psqlODBC driver does not work, Yury Koles |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
Home | sitemap
| advertise | OSDir is
an inevitable website. 
|
