This patch adds a check that sqlXPrintf() does not fail in the built-in SQL function printf(). There are two possible problems: the result might get too large, or there might be an integer overflow because internally int values are converted to size_t. Closes #tarantool/security#122 NO_DOC=bugfix
1 parent
039f714
commit 1315923
Showing
5 changed files
with
42 additions
and
3 deletions.
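--- a/[CHANGELOG-ENTRY-PATH-NOT-SHOWN].md
+++ b/[CHANGELOG-ENTRY-PATH-NOT-SHOWN].md
@@ -0,0 +1,4 @@
+## bugfix/sql
+
+* Fixed an integer overflow issue and added check for the `printf()` failure due
+to too large size (ghs-122).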
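--- a/sql-luatest/ghs_122_allocations_in_printf_test.lua
+++ b/sql-luatest/ghs_122_allocations_in_printf_test.lua
@@ -0,0 +1,27 @@
+local server = require('luatest.server')
+local t = require('luatest')
+
+local g = t.group()
+
+g.before_all(function()
+g.server = server:new({alias = 'master'})
+g.server:start()
+end)
+
+g.after_all(function()
+g.server:stop()
+end)
+
+g.test_printf = function()
+g.server:exec(function()
+local msg = [[Failed to execute SQL statement: string or blob too big]]
+
+local ret, err = box.execute([[SELECT printf('%.*d', 0x7ffffff0, 0);]])
+t.assert(ret == nil)
+t.assert_equals(err.message, msg)
+
+ret, err = box.execute("SELECT printf('hello %.*d', 0x7fffffff, 0);")
+t.assert(ret == nil)
+t.assert_equals(err.message, msg)
+end)
+end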
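Review bot: The test exercises only the two failing calls inside `g.test_printf`, so nothing confirms that the new size check still lets an ordinary printf() through; a passing call after the existing assertions, `ret, err = box.execute([[SELECT printf('%d', 1);]])` followed by `t.assert_equals(err, nil)`, would guard against the check being stricter than intended. Both failing cases are expected to produce the same message, so the test cannot tell the too-large-result path from the int-to-size_t overflow path the commit description mentions; a one-line comment above each call naming which condition it targets would make that intent reviewable. The two SQL statements also mix a `[[...]]` long string and a double-quoted literal; using one form for both keeps the file consistent.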
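--- a/[TEST-SUITE-CONFIG-PATH-NOT-SHOWN]
+++ b/[TEST-SUITE-CONFIG-PATH-NOT-SHOWN]
@@ -1,4 +1,4 @@
 [default]
 core = luatest
 description = SQL tests on luatest
-long_run = sql-luatest/ghs_119_too_long_mem_values_test.lua
+long_run = sql-luatest/ghs_119_too_long_mem_values_test.lua sql-luatest/ghs_122_allocations_in_printf_test.lua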