Posted to commits@apr.apache.org by ni...@apache.org on 2006/04/16 23:20:00 UTC
svn commit: r394559 - /apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c
Author: niq
Date: Sun Apr 16 14:19:59 2006
New Revision: 394559
URL: http://svn.apache.org/viewcvs?rev=394559&view=rev
Log:
Backport simple fixes to pgsql driver
Modified:
apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c
Modified: apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c
URL: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c?rev=394559&r1=394558&r2=394559&view=diff
==============================================================================
--- apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c (original)
+++ apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c Sun Apr 16 14:19:59 2006
@@ -221,7 +221,7 @@
apr_dbd_t *sql)
{
size_t len = strlen(arg);
- char *ret = apr_palloc(pool, len + 1);
+ char *ret = apr_palloc(pool, 2*(len + 1));
PQescapeString(ret, arg, len);
return ret;
}
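Review bot: the new size on the `apr_palloc` line, `2*(len + 1)`, is sufficient but carries no comment explaining where the factor comes from, and the multiplication is unchecked. PQescapeString requires a destination of at least 2*len + 1 bytes, since every input byte may be doubled and a terminator is appended; the old `len + 1` buffer was overrun as soon as the input contained a single character that needed escaping. Please state that requirement in a comment next to the allocation, and consider rejecting a `len` large enough for the multiplication to wrap `size_t` before calling `apr_palloc`.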
@@ -366,6 +366,7 @@
if (dbd_pgsql_is_success(ret)) {
ret = 0;
}
+ *nrows = atoi(PQcmdTuples(res));
PQclear(res);
}
else {
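Review bot: the added `*nrows = atoi(PQcmdTuples(res));` sits after the closing brace of the `dbd_pgsql_is_success(ret)` check, so it also runs when the command did not succeed and `ret` still holds an error status. PQcmdTuples returns an empty string for commands that do not report affected rows, which `atoi` turns into 0 with no way to tell that apart from a real zero or from an unparsable or out-of-range value. Suggest moving the assignment inside the success branch, setting `*nrows` to a defined value on the failure path, and using `strtol` with an end-pointer check. If callers are allowed to pass a NULL `nrows`, the dereference needs a guard as well.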
Re: svn commit: r394559 - /apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c
Posted by Bojan Smojver <bo...@rexursive.com>.
On Sun, 2006-04-16 at 21:20 +0000, niq@apache.org wrote:
> --- apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c (original)
> +++ apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c Sun Apr 16 14:19:59 2006
> @@ -221,7 +221,7 @@
> apr_dbd_t *sql)
> {
> size_t len = strlen(arg);
> - char *ret = apr_palloc(pool, len + 1);
> + char *ret = apr_palloc(pool, 2*(len + 1));
> PQescapeString(ret, arg, len);
> return ret;
> }
Should we be reporting the above as a security problem in Apache 2.2.0
(i.e. a potential heap overflow), given that the code ships with it?
--
Bojan