Posted to issues@ignite.apache.org by "Vyacheslav Koptilin (Jira)" <ji...@apache.org> on 2022/01/18 15:37:00 UTC

[jira] [Reopened] (IGNITE-16279) CPP: ODBC Incorrect usage of SQLBindParameter in TestStingParamNullLen causes a heap buffer overflow

     [ https://issues.apache.org/jira/browse/IGNITE-16279?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vyacheslav Koptilin reopened IGNITE-16279:
------------------------------------------
    Ignite Flags:   (was: Docs Required,Release Notes Required)

> CPP: ODBC Incorrect usage of SQLBindParameter in TestStingParamNullLen causes a heap buffer overflow
> ----------------------------------------------------------------------------------------------------
>
>                 Key: IGNITE-16279
>                 URL: https://issues.apache.org/jira/browse/IGNITE-16279
>             Project: Ignite
>          Issue Type: Bug
>          Components: odbc, platforms
>            Reporter: Ivan Daschinsky
>            Assignee: Ivan Daschinsky
>            Priority: Minor
>
> Platform: ubuntu 20.04, UnixODBC 2.3.7
> {code}
> Index: modules/platforms/cpp/odbc/src/utility.cpp
> IDEA additional info:
> Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
> <+>UTF-8
> ===================================================================
> diff --git a/modules/platforms/cpp/odbc/src/utility.cpp b/modules/platforms/cpp/odbc/src/utility.cpp
> --- a/modules/platforms/cpp/odbc/src/utility.cpp	(revision e18bbbedfa23f4a4c7bcd1f4c48fa881411e5653)
> +++ b/modules/platforms/cpp/odbc/src/utility.cpp	(date 1641994995236)
> @@ -136,8 +136,10 @@
>              if (!sqlStr || !sqlStrLen)
>                  return res;
>  
> -            if (sqlStrLen == SQL_NTS)
> +            if (sqlStrLen == SQL_NTS) {
> +                std::cout << "Hopla " << sqlStrC << std::endl; // Here we go, unexpected.
>                  res.assign(sqlStrC);
> +            }
>              else if (sqlStrLen > 0)
>                  res.assign(sqlStrC, sqlStrLen);
>  
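Review bot: the `std::cout << "Hopla " << sqlStrC` added in the SQL_NTS branch is debugging output and should not land in utility.cpp; it also carries the same hazard as the `res.assign(sqlStrC)` right after it, since both read sqlStrC up to a NUL terminator that the test's non-terminated buffer does not contain, so the print itself reproduces the overrun the ASan report shows. The P.S. places the actual defect in the odbc-test SQLBindParameter call (StrLen_or_IndPtr left as 0), so the fix belongs in the test and this driver hunk should be dropped. Minor: if the braces around the SQL_NTS branch stay, the `else if (sqlStrLen > 0)` branch should get them too for consistency.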
> {code}
> Run {{TestStingParamNullLen}} under ASan and you get this report: https://gist.github.com/ivandasch/00fc80c31cb48022eed81a72ff3c4fc6
> To run under sanitizer:
> 1. Add flags
> {code}
> set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fno-omit-frame-pointer -fno-sanitize-recover -g")
> {code}
> 2. Run  
> {code}
> ✗ JAVA_HOME=/opt/jdk/jdk1.8.0_281 ASAN_OPTIONS=handle_segv=0:detect_leaks=0:symbolize=1 IGNITE_NATIVE_TEST_ODBC_CONFIG_PATH=/home/ivandasch/Job/ignite-cpp/modules/platforms/cpp/odbc-test/config  ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer ./odbc-test/ignite-odbc-tests -t '*/TestStingParamNullLen'
> {code}
> P.S.
> This seems to be a problem in the test: in the test we pass a string that is not NULL-terminated and forget to add the StrLen param at the end.
> Current code:
> {code}
> ret = SQLBindParameter(stmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR,
>        paramData.size(), 0, &paramData[0], paramLen, 0);
> {code}
> Should be:
> {code}
> ret = SQLBindParameter(stmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR,
>        paramData.size(), 0, &paramData[0], paramLen, &paramLen);
> {code}
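The mechanism described in the P.S., as an added example that is not Apache Ignite's code: a small C++ model of how an ODBC driver interprets the StrLen_or_IndPtr argument of a bound SQL_C_CHAR input parameter. Per the ODBC specification, a null StrLen_or_IndPtr tells the driver that the parameter is not NULL and that character data is NUL-terminated, so the driver behaves exactly as if SQL_NTS had been passed and scans the buffer until it finds a zero byte. The function below mirrors the SQL_NTS and positive-length branches of the quoted utility.cpp code. Assumptions: SQL_NTS and SQL_NULL_DATA carry their ODBC header values but are defined locally so the example builds without unixODBC; SQLLEN is modelled as long; the capacity parameter exists only so this harness can report an overrun instead of committing it (a real driver has no such information); the sample buffers are constructed here.

```cpp
// Added example, not part of Apache Ignite: models how an ODBC driver reads a
// bound SQL_C_CHAR input parameter depending on its StrLen_or_IndPtr argument.
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// ODBC header values (sql.h/sqlext.h), defined locally so this builds without
// unixODBC. SQLLEN is modelled as long, which matches 64-bit unixODBC.
typedef long SQLLEN;
const SQLLEN SQL_NTS = -3;
const SQLLEN SQL_NULL_DATA = -1;

// What the driver would do with one bound character parameter.
struct ParamView {
    bool isNull;        // indicator was SQL_NULL_DATA
    bool overrun;       // the driver would have read past the caller's buffer
    std::string value;  // bytes the driver would send when the read is safe
};

// Mirrors the quoted utility.cpp logic: SQL_NTS -> assign(sqlStrC),
// positive length -> assign(sqlStrC, len). The ODBC rule layered on top is that
// a null StrLen_or_IndPtr means "non-NULL and NUL-terminated", i.e. SQL_NTS.
// 'capacity' is the true size of the caller's buffer; a real driver does not
// know it. It is here only so the harness can report an overrun instead of
// performing it (assumption of this model, not driver behaviour).
ParamView interpretCharParam(const char* buf, std::size_t capacity,
                             const SQLLEN* strLenOrIndPtr) {
    ParamView v = {false, false, std::string()};
    SQLLEN len = strLenOrIndPtr ? *strLenOrIndPtr : SQL_NTS;

    if (len == SQL_NULL_DATA) {
        v.isNull = true;
        return v;
    }
    if (len == SQL_NTS) {
        // strlen()/assign(buf) stop at the first NUL; if there is none inside
        // the buffer, the scan continues into whatever follows it on the heap.
        if (std::memchr(buf, '\0', capacity) == NULL) {
            v.overrun = true;
            return v;
        }
        v.value.assign(buf);
        return v;
    }
    if (len > 0) {
        if (static_cast<std::size_t>(len) > capacity) {
            v.overrun = true;
            return v;
        }
        v.value.assign(buf, static_cast<std::size_t>(len));
    }
    return v;
}

// The two bindings from the P.S., applied to a buffer with no terminator.
ParamView bindWithoutLength(const std::vector<char>& paramData) {
    // "Current code": StrLen_or_IndPtr passed as 0, so the driver assumes SQL_NTS.
    return interpretCharParam(&paramData[0], paramData.size(), NULL);
}

ParamView bindWithLength(const std::vector<char>& paramData) {
    // "Should be": &paramLen supplied, so the copy is bounded by the caller's count.
    SQLLEN paramLen = static_cast<SQLLEN>(paramData.size());
    return interpretCharParam(&paramData[0], paramData.size(), &paramLen);
}

int main() {
    // Constructed sample: the literal's characters only, no trailing NUL.
    const char text[] = "Lorem ipsum";
    std::vector<char> paramData(text, text + sizeof(text) - 1);

    ParamView bad = bindWithoutLength(paramData);
    ParamView good = bindWithLength(paramData);
    std::cout << "StrLen_or_IndPtr = 0   : "
              << (bad.overrun ? "would read past the buffer" : bad.value) << '\n';
    std::cout << "StrLen_or_IndPtr = &len: "
              << (good.overrun ? "would read past the buffer" : good.value) << '\n';
    return 0;
}
```

With the indicator pointer omitted, the model reports an overrun for any buffer that lacks a NUL within its capacity, which is the read ASan flagged in the test; with &paramLen supplied, the positive-length branch copies exactly paramData.size() bytes regardless of whether the buffer is terminated, which is why the P.S.'s corrected call fixes the test without touching the driver.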



--
This message was sent by Atlassian Jira
(v8.20.1#820001)