You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Vyacheslav Koptilin (Jira)" <ji...@apache.org> on 2022/01/18 15:37:00 UTC
[jira] [Reopened] (IGNITE-16279) CPP: ODBC Incorrent usage of SQLBindParameter in TestStingParamNullLen cause to heap buffer overflow
[ https://issues.apache.org/jira/browse/IGNITE-16279?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vyacheslav Koptilin reopened IGNITE-16279:
------------------------------------------
Ignite Flags: (was: Docs Required,Release Notes Required)
> CPP: ODBC Incorrent usage of SQLBindParameter in TestStingParamNullLen cause to heap buffer overflow
> ----------------------------------------------------------------------------------------------------
>
> Key: IGNITE-16279
> URL: https://issues.apache.org/jira/browse/IGNITE-16279
> Project: Ignite
> Issue Type: Bug
> Components: odbc, platforms
> Reporter: Ivan Daschinsky
> Assignee: Ivan Daschinsky
> Priority: Minor
>
> Platform: ubuntu 20.04, UnixODBC 2.3.7
> {code}
> Index: modules/platforms/cpp/odbc/src/utility.cpp
> IDEA additional info:
> Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
> <+>UTF-8
> ===================================================================
> diff --git a/modules/platforms/cpp/odbc/src/utility.cpp b/modules/platforms/cpp/odbc/src/utility.cpp
> --- a/modules/platforms/cpp/odbc/src/utility.cpp (revision e18bbbedfa23f4a4c7bcd1f4c48fa881411e5653)
> +++ b/modules/platforms/cpp/odbc/src/utility.cpp (date 1641994995236)
> @@ -136,8 +136,10 @@
> if (!sqlStr || !sqlStrLen)
> return res;
>
> - if (sqlStrLen == SQL_NTS)
> + if (sqlStrLen == SQL_NTS) {
> + std::cout << "Hopla " << sqlStrC << std::endl; // Here we go, unexpected.
> res.assign(sqlStrC);
> + }
> else if (sqlStrLen > 0)
> res.assign(sqlStrC, sqlStrLen);
>
> {code}
> Run {{TestStingParamNullLen}} under ASan and get report: https://gist.github.com/ivandasch/00fc80c31cb48022eed81a72ff3c4fc6
> To run under sanitizer:
> 1. Add flags
> {code}
> set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fno-omit-frame-pointer -fno-sanitize-recover -g")
> {code}
> 2. Run
> {code}
> ✗ JAVA_HOME=/opt/jdk/jdk1.8.0_281 ASAN_OPTIONS=handle_segv=0:detect_leaks=0:symbolize=1 IGNITE_NATIVE_TEST_ODBC_CONFIG_PATH=/home/ivandasch/Job/ignite-cpp/modules/platforms/cpp/odbc-test/config ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer ./odbc-test/ignite-odbc-tests -t '*/TestStingParamNullLen'
> {code}
> P.S.
> Seems that this is problem in test, in test we pass not NULL-terminated string and forget to add StrLen param at the end
> Current code
> {code}
> ret = SQLBindParameter(stmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR,
> paramData.size(), 0, ¶mData[0], paramLen, 0);
> {code}
> Should be
> {code}
> ret = SQLBindParameter(stmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR,
> paramData.size(), 0, ¶mData[0], paramLen, ¶mLen);
> {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)