| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | 247306(at)bugs(dot)debian(dot)org, pgsql-bugs(at)postgresql(dot)org, Martin Pitt <martin(at)piware(dot)de> |
| Cc: | pgsql-odbc(at)postgresql(dot)org |
| Subject: | Re: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes) |
| Date: | 2004-05-11 23:31:37 |
| Message-ID: | 200405120130.16067.peter_e@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-odbc |
Martin Pitt wrote:
> A week ago we at Debian received the bug report below: due to a
> buffer overflow in psqlodbc it is possible to crash (and possibly
> exploit) apache. I already sent this mail to the psqlodbc list [1],
> but unfortunately got no response so far. So maybe there are some
> hackers here who can help with this?
The problem is that the ODBC driver just writes the long user name or
password into its internal data structures without paying attention the
fact that it's only got 256 bytes of space. (function PGAPI_Connect in
file connection.c) It's the oldest bug in the book really.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martin Pitt | 2004-05-11 23:47:09 | Re: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes) |
| Previous Message | Tom Lane | 2004-05-11 20:54:04 | Re: Bug in backend/lib/stringinfo.c:enlargeStringInfo() |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martin Pitt | 2004-05-11 23:47:09 | Re: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes) |
| Previous Message | Thomas LeBlanc | 2004-05-11 22:36:16 | Updating a ADO RecordSet with INNER JOIN... |