Buffer overflow on client when delivering events. [CORE2437] #2853

Closed
firebird-issue-importer opened this issue Apr 17, 2009 · 12 comments

Submitted by: @AlexPeshkoff

Is related to CORE2272

If for any reason a badly formed list of events is used in isc_events_que(), it's sent to the server and processed without any sanity checks (for the server reads data after the end of the passed buffer). As a result, an event with a name longer than expected can be returned to the client, passed to the callback routine and cause a BOF on the client.

Commits: f6dae79 0b6e7f1 cd54e55

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2009

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2009

Modified by: @AlexPeshkoff

Link: This issue is related to CORE2272 [ CORE2272 ]

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2009

Commented by: @AlexPeshkoff

Bug was found when trying to reproduce CORE2272

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2009

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Open [ 1 ]

Target: 2.1.3, 2.0.6 [ 10302, 10303 ]

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2009

Commented by: @AlexPeshkoff

Added a minimum sanity check for a malformed EPB on the server and a check for the size of the received event notification on the client.
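
An added example in C of the kind of EPB sanity check this comment describes; it is not Firebird's code and not taken from the commits listed above. The EPB layout it assumes (a version byte of 1, then for each event a 1-byte name length, the name, and a 4-byte counter), the function name `epb_validate` and the `max_name` limit are assumptions for illustration, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EPB_VERSION1  1   /* assumed version tag of the event parameter block */
#define EPB_COUNT_LEN 4   /* assumed width of the per-event counter */

/* Walk an EPB of the assumed layout: version byte, then repeated
 * [1-byte name length][name][4-byte count]. Returns the number of
 * events, or -1 if any field would extend past buf_len. */
int epb_validate(const uint8_t *buf, size_t buf_len, size_t max_name)
{
    if (buf == NULL || buf_len < 1 || buf[0] != EPB_VERSION1)
        return -1;

    size_t pos = 1;
    int events = 0;
    while (pos < buf_len) {
        size_t name_len = buf[pos++];
        /* The name must be non-empty and within the receiver's limit, and
         * name plus counter must fit in what remains of the buffer. */
        if (name_len == 0 || name_len > max_name)
            return -1;
        if (buf_len - pos < name_len + EPB_COUNT_LEN)
            return -1;
        pos += name_len + EPB_COUNT_LEN;
        events++;
    }
    return events > 0 ? events : -1;
}

/* Constructed samples, not captured traffic. */
static const uint8_t epb_good[] = { 1, 3, 'a', 'b', 'c', 0, 0, 0, 0,
                                       2, 'x', 'y', 1, 0, 0, 0 };
/* Length byte claims 200 name bytes, but only 3 follow. */
static const uint8_t epb_bad[] = { 1, 200, 'a', 'b', 'c', 0, 0, 0, 0 };
/* Counter cut short: 2 bytes present where 4 are expected. */
static const uint8_t epb_trunc[] = { 1, 3, 'a', 'b', 'c', 0, 0 };

int main(void)
{
    printf("good:  %d\n", epb_validate(epb_good, sizeof epb_good, 31));
    printf("bad:   %d\n", epb_validate(epb_bad, sizeof epb_bad, 31));
    printf("trunc: %d\n", epb_validate(epb_trunc, sizeof epb_trunc, 31));
    return 0;
}
```

The same walk applies on both sides of the connection: before a sender trusts a caller-supplied block, and before a receiver copies an event name into a fixed-size buffer.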

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2009

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5 RC1 [ 10300 ]

@firebird-issue-importer firebird-issue-importer commented May 8, 2009

Commented by: @AlexPeshkoff

Reopened to add backporting info

@firebird-issue-importer firebird-issue-importer commented May 8, 2009

Modified by: @AlexPeshkoff

status: Resolved [ 5 ] => Reopened [ 4 ]

resolution: Fixed [ 1 ] =>

@firebird-issue-importer firebird-issue-importer commented May 8, 2009

Modified by: @AlexPeshkoff

status: Reopened [ 4 ] => Reopened [ 4 ]

@firebird-issue-importer firebird-issue-importer commented May 8, 2009

Modified by: @AlexPeshkoff

status: Reopened [ 4 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1.3 [ 10302 ]

Fix Version: 2.0.6 [ 10303 ]

@firebird-issue-importer firebird-issue-importer commented Nov 9, 2009

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer firebird-issue-importer commented Jan 18, 2016

Modified by: @pavel-zotov

QA Status: No test
