Summary: | Uninitialized memory access when parsing DBDParams in apr_dbd_freetds.c could lead to crashes | | |
---|---|---|---|
Product: | APR | Reporter: | Mikhail T. <mi+apache> |
Component: | APR-util | Assignee: | Apache Portable Runtime bugs mailinglist <bugs> |
Status: | RESOLVED DUPLICATE | | |
Severity: | normal | Keywords: | PatchAvailable |
Priority: | P2 | | |
Version: | 1.4.1 | | |
Target Milestone: | --- | | |
Hardware: | All | | |
OS: | All | | |
Attachments: | Fix parsing of DBDParams in apr_dbd_freetds.c | | |

Created attachment 29183: Fix parsing of DBDParams in apr_dbd_freetds.c

DBDParams are expected to be strings like "username=foo,password=bar,server=doofus". The parsing code looks for the next =-sign first and then retracts back to find the beginning of the key (such as "username"). The current code skips before the very first key into uninitialized memory.

The attached patch also adds a tiny bit of const-poisoning and the inclusion of <sybfront.h>, which is necessary when compiling against real Sybase headers rather than FreeTDS (though FreeTDS supplies the header too). But the actual bug-fix is in the third (last) hunk of the patch.
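
The backward scan described in the report, as an added example (not the APR source and not the attached patch): one helper walks back from the `=` with no lower bound, the other stops at the start of the string. All function names and the sample buffer are assumptions made for illustration; the `#XY` prefix is constructed so that the bytes in front of the string are defined and the overrun can be observed safely.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: "#XY" stands in for whatever bytes precede the
 * parameter string in memory; the parser is handed a pointer to 'u'. */
static const char demo_buf[] = "#XYusername=foo,password=bar";
static const char *const demo_params = demo_buf + 3;

/* Flawed form (sketch, hypothetical name): walk back from '=' over the
 * key's letters with no lower bound on the scan. */
static const char *key_start_unbounded(const char *eq)
{
    const char *key = eq - 1;
    while (isspace((unsigned char)*key)) --key;   /* blanks before '=' */
    while (isalpha((unsigned char)*key)) --key;   /* can pass the string start */
    return key + 1;
}

/* Bounded form: never look at a byte before params. */
static const char *key_start_bounded(const char *params, const char *eq)
{
    const char *key = eq;
    while (key > params && isspace((unsigned char)key[-1])) --key;
    while (key > params && isalpha((unsigned char)key[-1])) --key;
    return key;
}

/* Offsets of the detected key start relative to the string start. */
long first_key_unbounded(void)
{
    return (long)(key_start_unbounded(strchr(demo_params, '=')) - demo_params);
}
long first_key_bounded(void)
{
    return (long)(key_start_bounded(demo_params, strchr(demo_params, '=')) - demo_params);
}
long second_key_bounded(void)
{
    const char *eq = strchr(strchr(demo_params, '=') + 1, '=');
    return (long)(key_start_bounded(demo_params, eq) - demo_params);
}

int main(void)
{
    printf("unbounded: %ld, bounded: %ld, second key: %ld\n",
           first_key_unbounded(), first_key_bounded(), second_key_bounded());
    return 0;
}
```

A negative offset from the unbounded helper means the scan consumed bytes in front of the parameter string. Only the first key is exposed, since every later key has a `,` in front of it that stops the walk.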