Bug 53676 - Uninitialized memory access when parsing DBDParams in apr_dbd_freetds.c could lead to crashes
Status: RESOLVED DUPLICATE of bug 53666
Alias: None
Product: APR
Classification: Unclassified
Component: APR-util
Version: 1.4.1
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: Apache Portable Runtime bugs mailinglist
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2012-08-07 16:45 UTC by Mikhail T.
Modified: 2012-08-10 16:02 UTC

Attachments
Fix parsing of DBDParams in apr_dbd_freetds.c (684 bytes, patch)
2012-08-07 16:45 UTC, Mikhail T.

Description Mikhail T. 2012-08-07 16:45:45 UTC
Created attachment 29183
Fix parsing of DBDParams in apr_dbd_freetds.c

DBDParams are expected to be strings like "username=foo,password=bar,server=doofus". The parsing code looks for the next =-sign first and then retracts back to find the beginning of the key (such as "username"). The current code skips before the very first key into uninitialized memory.

The attached patch also adds a tiny bit of const-poisoning and the inclusion of <sybfront.h>, which is necessary when compiling against real Sybase headers rather than FreeTDS (though FreeTDS supplies the header too).

But the actual bug-fix is in the third (last) hunk of the patch.
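
The backward scan described in the report, written as an added example with the lower bound enforced; this is not the APR-util code or the attached patch. The names `key_before_eq` and `dbd_param_get` are hypothetical, and the key/value grammar is assumed to be the comma-separated form quoted above.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not from apr_dbd_freetds.c): locate the key that
 * precedes the '=' at `eq` by walking backwards, never reading before
 * `params`. Stores the key start in *key_out and returns the key length. */
static size_t key_before_eq(const char *params, const char *eq,
                            const char **key_out)
{
    const char *end = eq;   /* one past the last key character */
    const char *key;

    /* skip blanks between the key and '=', stopping at the buffer start */
    while (end > params && isspace((unsigned char)end[-1]))
        --end;
    key = end;
    /* walk back over the key; without `key > params` the scan for the
     * very first key runs off the front of the string */
    while (key > params && isalpha((unsigned char)key[-1]))
        --key;
    *key_out = key;
    return (size_t)(end - key);
}

/* Look up `name` in a "k=v,k=v" string and copy its value into `out`.
 * Returns 1 when found and the value fits, 0 otherwise. */
int dbd_param_get(const char *params, const char *name,
                  char *out, size_t outsz)
{
    const char *eq, *key;
    size_t nlen = strlen(name);

    for (eq = strchr(params, '='); eq != NULL; eq = strchr(eq + 1, '=')) {
        size_t klen = key_before_eq(params, eq, &key);
        if (klen == nlen && strncmp(key, name, klen) == 0) {
            size_t vlen = strcspn(eq + 1, ",");
            if (vlen >= outsz)
                return 0;   /* value does not fit in the caller's buffer */
            memcpy(out, eq + 1, vlen);
            out[vlen] = '\0';
            return 1;
        }
    }
    return 0;
}
```

A string that starts with `=` is the degenerate case: the helper returns a zero-length key at `params` instead of stepping to `params - 1`.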
Comment 1 Mikhail T. 2012-08-10 16:02:38 UTC

*** This bug has been marked as a duplicate of bug 53666 ***