summaryrefslogtreecommitdiffstats
path: root/sqlsrv-pr157.patch
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2016-09-19 18:21:08 +0200
committerRemi Collet <fedora@famillecollet.com>2016-09-19 18:21:08 +0200
commit454f2102935c1199e50c6d7482b7319c69f037ea (patch)
tree22a88ddca4f155b510f5f4304ac713bb5ca0d257 /sqlsrv-pr157.patch
parent6e0d5c46df21f938389708af5eb5530e919e5225 (diff)
php-sqlsrv: fix buffer overflow + fix reported version
Diffstat (limited to 'sqlsrv-pr157.patch')
-rw-r--r--sqlsrv-pr157.patch45
1 files changed, 45 insertions, 0 deletions
diff --git a/sqlsrv-pr157.patch b/sqlsrv-pr157.patch
new file mode 100644
index 0000000..11818e6
--- /dev/null
+++ b/sqlsrv-pr157.patch
@@ -0,0 +1,45 @@
+From 5e27f69cbb66d7468645f337858c2b140274b4b6 Mon Sep 17 00:00:00 2001
+From: Remi Collet <fedora@famillecollet.com>
+Date: Mon, 19 Sep 2016 17:49:57 +0200
+Subject: [PATCH] fix buffer overflow, raising segfault in pdo driver
+
+---
+ source/pdo_sqlsrv/pdo_dbh.cpp | 2 +-
+ source/pdo_sqlsrv/pdo_stmt.cpp | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source/pdo_sqlsrv/pdo_dbh.cpp b/source/pdo_sqlsrv/pdo_dbh.cpp
+index 20f996b..079eca0 100644
+--- a/source/pdo_sqlsrv/pdo_dbh.cpp
++++ b/source/pdo_sqlsrv/pdo_dbh.cpp
+@@ -361,7 +361,7 @@ struct pdo_dbh_methods pdo_sqlsrv_dbh_methods = {
+ { \
+ pdo_sqlsrv_dbh* driver_dbh = reinterpret_cast<pdo_sqlsrv_dbh*>( dbh->driver_data ); \
+ driver_dbh->set_func( __FUNCTION__ ); \
+- int length = strlen(__FUNCTION__); \
++ int length = strlen(__FUNCTION__)+strlen(": entering"); \
+ char func[length+1]; \
+ LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering")); \
+ }
+diff --git a/source/pdo_sqlsrv/pdo_stmt.cpp b/source/pdo_sqlsrv/pdo_stmt.cpp
+index dc989f4..4486404 100644
+--- a/source/pdo_sqlsrv/pdo_stmt.cpp
++++ b/source/pdo_sqlsrv/pdo_stmt.cpp
+@@ -339,7 +339,7 @@ void stmt_option_emulate_prepares:: operator()( sqlsrv_stmt* stmt, stmt_option c
+ { \
+ pdo_sqlsrv_stmt* driver_stmt = reinterpret_cast<pdo_sqlsrv_stmt*>( stmt->driver_data ); \
+ driver_stmt->set_func( __FUNCTION__ ); \
+- int length = strlen(__FUNCTION__); \
++ int length = strlen(__FUNCTION__)+strlen(": entering"); \
+ char func[length+1]; \
+ LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering")); \
+ }
+@@ -427,7 +427,7 @@ int pdo_sqlsrv_stmt_describe_col(pdo_stmt_t *stmt, int colno TSRMLS_DC)
+ #else
+ pdo_sqlsrv_stmt* driver_stmtt = reinterpret_cast<pdo_sqlsrv_stmt*>( stmt->driver_data );
+ driver_stmtt->set_func( __FUNCTION__ );
+- int length = strlen(__FUNCTION__);
++ int length = strlen(__FUNCTION__)+strlen(": entering");
+ char func[length+1];
+ LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering"));
+ #endif