clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error)

Browse Source 
There is a lot of call such as:
	pdo_pgsql_error(dbh, PGRES_FATAL_ERROR, "Copy command failed");
Where the 3rd paramater is a error message string where a sqlstate (5 chars)
is expected. This cause a segfault in copy_from.phpt and copy_to.phpt.

This is only a sanity check to avoid buffer overflow, but obviously this
calls need to be fixed (using NULL or a correct sqlstate).
This commit is contained in:
Remi Collet 2013-05-31 08:39:32 +02:00
parent 13e5c97ffd
commit 1c623e3b07
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -2,6 +2,9 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2013, PHP 5.3.27
- PDO_pgsql:
. Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi)
?? ??? 2013, PHP 5.3.26
### DO NOT ADD ENTRIES HERE, ADD THEM ABOVE FOR 5.3.27 ###

2
ext/pdo_pgsql/pgsql_driver.c
View File

@ -76,7 +76,7 @@ int _pdo_pgsql_error(pdo_dbh_t *dbh, pdo_stmt_t *stmt, int errcode, const char *
einfo->errmsg = NULL;
}
if (sqlstate == NULL) {
if (sqlstate == NULL || strlen(sqlstate) >= sizeof(pdo_error_type)) {
strcpy(*pdo_err, "HY000");
}
else {