Package: libdbd-firebird-perl / 1.18-2
Metadata
Package | Version | Patches format |
---|---|---|
libdbd-firebird-perl | 1.18-2 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
dbdimp 780925 buf overflow.patch | (download) |
dbdimp.c |
14 8 + 6 - 0 ! |
[dbd-firebird-devel] buffer overflow in dbdimp.c To: dbd-firebird-devel@lists.alioth.debian.org Date: Fri, 13 Mar 2015 17:36:31 +0100 Hi there, I found a buffer overflow in dbdimp.c. Error messages in dbdimp.c use sprintf to a fix-sized buffer that (quite likely in two cases) might be too small to hold the final result. Attached you find a patch that solves the problem by increasing the size of the buffer to a value that should be large enough for every conceivable input given the conversion specification and additionally use snprintf() instead of sprintf(). As snprintf() is already used somewhere else in dbdimp.c I figure there are no portability issues involved. I did not check the other uses of sprintf, although it might be worthwhile to do so as a quick check found other locations where a fix-sized buffer is involved. Best regards, Stefan |
snprintf everywhere.patch | (download) |
Firebird.xs |
2 1 + 1 - 0 ! |
--- |
1