Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dangerous lack of validation for transaction options [CORE1440] #1858

Closed
firebird-issue-importer opened this issue Sep 4, 2007 · 8 comments
Closed

Comments

@firebird-issue-importer
Copy link

@firebird-issue-importer firebird-issue-importer commented Sep 4, 2007

Submitted by: Claudio Valderrama C. (robocop)

Assigned to: Claudio Valderrama C. (robocop)

Is related to QA184
Relate to CORE1600

In tra.cpp:transaction_options() we supposedly parse and validate transaction options given in a TPB. However, we have left alive the old bugs coming from IB for years. Example:
- it's possible to make engine read past the end of the TPB stream (for example, giving a table with length indicator being bigger than the remaining bytes in the TPB stream)
- it's possible to select options that conflict with other related options (for example, rec_version & no_rec_version without read_committed)
- it's possible to select conflicting options inside the same category (for example, both read_committed and snapshot, read_only v/s write right for the txn)
- it's possible to put options that only make sense after a relation, before any relation is specified. They will be ignored silently (for example, isc_tpb_protected)
- it's possible to make the engine read trash for the isc_tpb_lock_timeout tag's numeric parameter.

Commits: d59376e

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Sep 5, 2007

Modified by: @dyemanov

assignee: Claudio Valderrama C. [ robocop ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Sep 11, 2007

Modified by: @dyemanov

Fix Version: 2.1 Beta 2 [ 10190 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Sep 18, 2007

Commented by: Claudio Valderrama C. (robocop)

Validations were implemented, but we allow rec_version/no_rec_version before or after RC isolation level.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Sep 18, 2007

Modified by: Claudio Valderrama C. (robocop)

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Nov 16, 2007

Modified by: @hvlad

Link: This issue relate to CORE1600 [ CORE1600 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 29, 2007

Modified by: @pcisar

Link: This issue is related to QA184 [ QA184 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 28, 2008

Modified by: @pcisar

Workflow: jira [ 12960 ] => Firebird [ 14623 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant