pkg-perl-maintainers team mailing list archive
Message #02844
[Bug 1431867] [NEW] libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
Public bug reported:
When truncating a varchar or text field libdbd-firebird-perl can cause a
buffer overflow.
When truncating either SQL_VARYING or SQL_TEXT libdbd-firebird-perl
creates an error message that informs the user about the truncation
including how many bytes it tried to write and how many bytes the column
could accept. The error message is created using sprintf to a fixed-size
buffer that is too small if the size of the string and the size of the
column occupy more than 3 bytes in the format string.
The bug is in ./libdbd-firebird-perl-1.15/dbdimp.c in the function
ib_fill_isqlda.
Attached is a possible fix that increases the size of the fixed-size
buffer to 100 bytes and prevents a buffer overflow by using snprintf
instead of sprintf.
** Affects: libdbd-firebird-perl (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "libdbd-firebird-perl.patch"
https://bugs.launchpad.net/bugs/1431867/+attachment/4344296/+files/libdbd-firebird-perl.patch
--
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libdbd-firebird-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1431867
Title:
libdbd-firebird-perl might cause a buffer overflow when truncating
text or varchar fields
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdbd-firebird-perl/+bug/1431867/+subscriptions
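The pattern described in the report, as an added example that is not part of the original message and not the code from dbdimp.c: it measures how long a truncation message gets as the two byte counts grow, and formats it with a bounded snprintf into the 100-byte buffer the report proposes. The message text, the function names and the sample sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical message text: the real format string in dbdimp.c is not shown here. */
#define TRUNC_FMT "string truncation: got %ld bytes, column accepts %ld"
#define MSG_BUF_SIZE 100  /* buffer size proposed in the report */

/* Bytes needed for the full message including the NUL, measured without writing. */
size_t trunc_msg_needed(long got, long max)
{
    int n = snprintf(NULL, 0, TRUNC_FMT, got, max);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* 1 if an unbounded sprintf into bufsz bytes would write past the end. */
int sprintf_would_overflow(size_t bufsz, long got, long max)
{
    return trunc_msg_needed(got, max) > bufsz;
}

/* Bounded formatter: 1 = complete, 0 = cut short but NUL-terminated, -1 = error. */
int trunc_msg_format(char *buf, size_t bufsz, long got, long max)
{
    int n;
    if (buf == NULL || bufsz == 0)
        return -1;
    n = snprintf(buf, bufsz, TRUNC_FMT, got, max);
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    return (size_t)n < bufsz ? 1 : 0;
}

int main(void)
{
    /* Constructed sizes: a buffer that is exactly big enough for 3-digit values. */
    size_t small_sz = trunc_msg_needed(999, 999);
    char msg[MSG_BUF_SIZE];

    printf("small buffer: %zu bytes, 6-digit case needs %zu\n",
           small_sz, trunc_msg_needed(100000, 32765));
    printf("sprintf would overflow small buffer: %d\n",
           sprintf_would_overflow(small_sz, 100000, 32765));
    if (trunc_msg_format(msg, sizeof msg, 100000, 32765) == 1)
        puts(msg);
    return 0;
}
```

Checking the snprintf return value against the buffer size is what distinguishes a complete message from one that was cut short; the bounded call never writes past the buffer in either case.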
Follow ups
-
[Bug 1431867] Re: libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Steve Langasek, 2021-10-14
-
[Bug 1431867] Re: libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Rolf Leggewie, 2016-04-24
-
[Bug 1431867] Re: libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Launchpad Bug Tracker, 2016-04-24
-
[Bug 1431867] Re: libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Launchpad Bug Tracker, 2016-04-24
-
[Bug 1431867] Re: libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Launchpad Bug Tracker, 2016-04-24
-
[Bug 1431867] Re: libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Bug Watch Updater, 2015-04-15
-
[Bug 1431867] Re: libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Micah Gersten, 2015-04-15
-
[Bug 1431867] Re: libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Micah Gersten, 2015-04-15
-
[Bug 1431867] Re: libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Ubuntu Foundations Team Bug Bot, 2015-03-13
-
[Bug 1431867] Re: libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Stefan Roas, 2015-03-13
-
[Bug 1431867] [NEW] libdbd-firebird-perl might cause a buffer overflow when truncating text or varchar fields
From: Stefan Roas, 2015-03-13