New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Increase allowable buffer size for Oracle service string #666

Open
ristillu opened this Issue Jul 2, 2018 · 1 comment

Comments

Projects
None yet
2 participants
@ristillu

ristillu commented Jul 2, 2018

Our Oracle connection string looks something like this:

auto connectionString = "service=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=somehostname.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=some_service_name))) user=some_username password=some_password"s;
soci::session sql("oracle", connectionString);

In soci/src/backends/oracle/session.cpp there is:

// arbitrary length for charset conversion buffer
const size_t nlsBufLen = 100;

Using that connection string above our code triggers:

throw soci_error("Service name is too long.");

The simple fix for our code was to increase the size of the buffer guard and recompile. But I don't know what a reasonable size is or the set of potential use cases for what is going into the soci service name variable. I used 256, which covered a FQDN and a reasonable length username and password but possibly 512 would be safer.

Some information about potential service strings might be extrapolated from https://docs.oracle.com/cd/E11882_01/network.112/e41945/concepts.htm#NETAG002

@mloskot

This comment has been minimized.

Member

mloskot commented Jul 2, 2018

By the way, the Oracle documentation on Syntax Rules for Configuration Files says something like this:

The maximum length of a connect descriptor is 4 KB

That is for the whole descriptor, not just service name.
I think 512 seems like a safe length, arbitrary or not.

@ristillu Would you care to submit a pull request?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment