AV in isc_start_transaction (isc_start_multiple) - bad TEB [CORE1756] #2181

Closed
firebird-issue-importer opened this issue Feb 21, 2008 · 7 comments

Comments

@firebird-issue-importer

Submitted by: @ibprovider

AV samples

isc_start_transaction(status_vector, &valid_tr_handle, 1, &valid_db_handle, 32000 , NULL)

isc_start_transaction(status_vector, &valid_tr_handle, 1, &valid_db_handle, -1 , NULL)

isc_start_transaction(status_vector, &valid_tr_handle, 1, &valid_db_handle, -1 , valid_pointer_to_tpb)

I think we need to write code like

if(tpb_length<0)
{
    // ERROR
}

if(tpb_length!=0 && tpb==NULL)
{
    // ERROR
}

Commits: 48e9858

@firebird-issue-importer firebird-issue-importer commented Feb 26, 2008

Commented by: @ibprovider

why.cpp ------------

ISC_STATUS API_ROUTINE GDS_START_MULTIPLE( ... )
{
    // ....

    for (....)
    {
        if(vector->teb_tpb_length<0)
        {
            Firebird::status_exception::raise(isc_bad_tpb_form,isc_arg_end);
        }

        if(vector->teb_tpb==NULL && vector->teb_tpb_length>0)
        {
            Firebird::status_exception::raise(isc_bad_tpb_form,isc_arg_end);
        }

        // ....
    }//for

    // ....
}// GDS_START_MULTIPLE

-----
Additional proposal: change the type of TEB::teb_tpb to const UCHAR*

Thanks

@firebird-issue-importer firebird-issue-importer commented Feb 26, 2008

Commented by: @ibprovider

Also:

if(vector==NULL)
{
    Firebird::status_exception::raise(isc_bad_trans_handle,/* Do we need new error code here ? */ isc_arg_end);
}
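
The checks proposed in the comments above, gathered into one stand-alone C function and run against the three calls from the report. This is an added example, not Firebird's code: `teb_t`, `check_teb_vector`, `check_one` and the `teb_check` codes are hypothetical names, and the struct only mirrors the `teb_tpb` and `teb_tpb_length` fields named in the thread.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical mirror of a TEB entry; only teb_tpb_length and teb_tpb are
   named in the issue, the database field is an assumption. */
typedef struct {
    void *teb_database;
    int teb_tpb_length;
    const unsigned char *teb_tpb;
} teb_t;

enum teb_check { TEB_OK, TEB_NULL_VECTOR, TEB_NEG_LENGTH, TEB_NULL_TPB };

/* Validate every entry before any code dereferences teb_tpb or uses the
   length as a size. On an entry failure *bad receives the offending index. */
static enum teb_check check_teb_vector(const teb_t *vector, int count, int *bad)
{
    if (vector == NULL)
        return TEB_NULL_VECTOR;
    for (int i = 0; i < count; i++) {
        *bad = i;
        /* A negative length becomes a huge size once cast to size_t. */
        if (vector[i].teb_tpb_length < 0)
            return TEB_NEG_LENGTH;
        /* A positive length with no buffer would read through NULL. */
        if (vector[i].teb_tpb == NULL && vector[i].teb_tpb_length > 0)
            return TEB_NULL_TPB;
    }
    *bad = -1;
    return TEB_OK;
}

/* Wrap one (tpb_length, tpb) pair the way a single-database call would. */
static enum teb_check check_one(int tpb_length, const unsigned char *tpb)
{
    int db = 0, bad = -1;
    teb_t entry = { &db, tpb_length, tpb };
    return check_teb_vector(&entry, 1, &bad);
}

int main(void)
{
    static const unsigned char tpb[] = { 3, 9, 6 };  /* constructed sample bytes */
    /* The three reported calls, then two valid ones (length 0 with NULL is allowed). */
    printf("%d %d %d %d %d\n", check_one(32000, NULL), check_one(-1, NULL),
           check_one(-1, tpb), check_one(0, NULL), check_one((int)sizeof tpb, tpb));
    return 0;
}
```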

@firebird-issue-importer firebird-issue-importer commented Feb 29, 2008

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer firebird-issue-importer commented Feb 29, 2008

Commented by: @AlexPeshkoff

Appropriate tests are added.
Because none of the AVs can be used for a remote attack, there is no use backporting.

@firebird-issue-importer firebird-issue-importer commented Feb 29, 2008

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5 Alpha 1 [ 10224 ]

@firebird-issue-importer firebird-issue-importer commented Nov 12, 2009

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test
