Package: libdbd-firebird-perl / 1.18-2

Metadata

Package               Version  Patches format
libdbd-firebird-perl  1.18-2   3.0 (quilt)

Patch series

Patch | File delta | Description
dbdimp 780925 buf overflow.patch

dbdimp.c | 14 8 + 6 - 0 !
1 file changed, 8 insertions(+), 6 deletions(-)

 [dbd-firebird-devel] buffer overflow in dbdimp.c
To: dbd-firebird-devel@lists.alioth.debian.org
Date: Fri, 13 Mar 2015 17:36:31 +0100

Hi there,

I found a buffer overflow in dbdimp.c. Error messages in dbdimp.c use
sprintf to a fixed-size buffer that (quite likely in two cases) might be
too small to hold the final result.

Attached you will find a patch that solves the problem by increasing the size
of the buffer to a value that should be large enough for every
conceivable input given the conversion specification and additionally
using snprintf() instead of sprintf(). As snprintf() is already used
somewhere else in dbdimp.c I figure there are no portability issues
involved.

I did not check the other uses of sprintf, although it might be
worthwhile to do so as a quick check found other locations where a
fixed-size buffer is involved.

Best regards,
  Stefan


snprintf everywhere.patch

Firebird.xs | 2 1 + 1 - 0 !
dbdimp.c | 31 16 + 15 - 0 !
2 files changed, 17 insertions(+), 16 deletions(-)

---