From cb585a6b65324a7aab697bb3c14c3add9e759ef0 Mon Sep 17 00:00:00 2001
From: Honza HorĂ¡k
Date: Jun 17 2013 06:50:16 +0000
Subject: Avoid potential segfault
Resolves: #974794
---
diff --git a/mysql-connector-odbc-cond.patch b/mysql-connector-odbc-cond.patch
new file mode 100644
index 0000000..ece8302
--- /dev/null
+++ b/mysql-connector-odbc-cond.patch
@@ -0,0 +1,26 @@
+When looking for a terminating null character that isn't there and apparently
+isn't supposed to be there as the length of the string is kept in a separate
+variable. The code then tries to avoid a disaster by doing the right test after
+it has done the wrong test, but with a bit of bad luck the out-of-bounds read
+could cause a segmentation fault. Even if the error wouldn't affect the
+operation of the code, fixing it will save programmers from wasting their time
+chasing false alarms.
+
+This patch reverses the order of the two tests. I suppose checking for null
+characters is OK as an additional safety measure, but it needs to be done
+conditionally after the length test to avoid an out-of-bounds read.
+
+Upstream bug report: http://bugs.mysql.com/bug.php?id=64105
+
+diff -up mysql-connector-odbc-5.2.5-src/util/stringutil.c.cond mysql-connector-odbc-5.2.5-src/util/stringutil.c
+--- mysql-connector-odbc-5.2.5-src/util/stringutil.c.cond 2013-06-17 08:45:54.382640969 +0200
++++ mysql-connector-odbc-5.2.5-src/util/stringutil.c 2013-06-17 08:45:58.084640903 +0200
+@@ -94,7 +94,7 @@ SQLWCHAR *sqlchar_as_sqlwchar(CHARSET_IN
+ return NULL;
+ }
+
+- for (pos= str, i= 0; *pos && pos < str_end; )
++ for (pos= str, i= 0; pos < str_end && *pos; )
+ {
+ if (sizeof(SQLWCHAR) == 4)
+ {
diff --git a/mysql-connector-odbc.spec b/mysql-connector-odbc.spec
index bdaac07..41af4df 100644
--- a/mysql-connector-odbc.spec
+++ b/mysql-connector-odbc.spec
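Review bot: The reordered condition `pos < str_end && *pos` in the stringutil.c hunk fixes the read past the end of the buffer, but it still ends the conversion at the first NUL inside [str, str_end), so a caller that supplies an explicit length covering an embedded NUL gets a silently shortened result; that is pre-existing behaviour, and since the patch description keeps the NUL test only as a safety measure, a comment on the loop such as `/* bounded by str_end; the *pos test is only a guard and stops at an embedded NUL */` would save the next reader from re-opening the question. The body of sqlchar_as_sqlwchar starts and ends outside the hunk, so whether the loop body can advance pos by more than one byte past str_end is not visible here. Only this one loop is touched; if the same `*pos && pos < end` ordering occurs in the sibling conversion routines of stringutil.c they carry the same past-the-end read, which is an inference worth checking before the bug is closed.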
@@ -1,7 +1,7 @@
 Summary: ODBC driver for MySQL
 Name: mysql-connector-odbc
 Version: 5.2.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: System Environment/Libraries
 URL: http://dev.mysql.com/downloads/connector/odbc/
 # exceptions allow library to be linked with most open source SW,
@@ -31,6 +31,7 @@ Patch6: myodbc-libname.patch
 Patch7: myodbc-libdir.patch
 Patch8: mysql-connector-odbc-buffsize.patch
 Patch9: mysql-connector-odbc-cleartext.patch
+Patch10: mysql-connector-odbc-cond.patch
 
 BuildRequires: mysql-devel unixODBC-devel
 BuildRequires: cmake
@@ -53,6 +54,7 @@ tar xfz %{SOURCE1}
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 
 %build
 # mysql 5.5.10 has stopped #define'ing THREAD in its exports, and has
@@ -99,6 +101,10 @@ rm -rf $RPM_BUILD_ROOT/usr/test
 %{_libdir}/lib*so
 
 %changelog
+* Mon Jun 17 2013 Honza Horak - 5.2.5-2
+- Avoid potential segfault
+ Resolves: #974794
+
 * Fri May 24 2013 Honza Horak - 5.2.5-1
 - Update to 5.2.5
 - Enlarge buffer size for query string when getting info about tables