pkg-perl-maintainers team mailing list archive

[Stefan Roas <stefan.roas@xxxxxx>]

Public bug reported:

When truncating a varchar or text field libdbd-firebird-perl can cause a
buffer overflow.

When truncating either SQL_VARYING or SQL_TEXT libdbd-firebird-perl
creates an error message that informs the user about the truncation
including how many bytes it tried to write and how many bytes the column
could accept. The error message is created using sprintf to a fix-sized
buffer that is too small if the size of the string and the size of the
column occupy more than 3 bytes in the format string.

The bug is in ./libdbd-firebird-perl-1.15/dbdimp.c in the function
ib_fill_isqlda.

Attached is a possible fix that increases the size of the fixed-sized
buffer to 100 bytes and prevents a buffer overflow by using snprintf
instead of sprintf.

** Affects: libdbd-firebird-perl (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "libdbd-firebird-perl.patch"
   https://bugs.launchpad.net/bugs/1431867/+attachment/4344296/+files/libdbd-firebird-perl.patch

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libdbd-firebird-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1431867

Title:
  libdbd-firebird-perl might cause a buffer overflow when truncating
  text or varchar fields

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdbd-firebird-perl/+bug/1431867/+subscriptions