diff options
author | Remi Collet <fedora@famillecollet.com> | 2016-09-19 18:21:08 +0200 |
---|---|---|
committer | Remi Collet <fedora@famillecollet.com> | 2016-09-19 18:21:08 +0200 |
commit | 454f2102935c1199e50c6d7482b7319c69f037ea (patch) | |
tree | 22a88ddca4f155b510f5f4304ac713bb5ca0d257 /sqlsrv-pr157.patch | |
parent | 6e0d5c46df21f938389708af5eb5530e919e5225 (diff) |
php-sqlsrv: fix buffer overflow + fix reported version
Diffstat (limited to 'sqlsrv-pr157.patch')
-rw-r--r-- | sqlsrv-pr157.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/sqlsrv-pr157.patch b/sqlsrv-pr157.patch new file mode 100644 index 0000000..11818e6 --- /dev/null +++ b/sqlsrv-pr157.patch @@ -0,0 +1,45 @@ +From 5e27f69cbb66d7468645f337858c2b140274b4b6 Mon Sep 17 00:00:00 2001 +From: Remi Collet <fedora@famillecollet.com> +Date: Mon, 19 Sep 2016 17:49:57 +0200 +Subject: [PATCH] fix buffer overflow, raising segfault in pdo driver + +--- + source/pdo_sqlsrv/pdo_dbh.cpp | 2 +- + source/pdo_sqlsrv/pdo_stmt.cpp | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/source/pdo_sqlsrv/pdo_dbh.cpp b/source/pdo_sqlsrv/pdo_dbh.cpp +index 20f996b..079eca0 100644 +--- a/source/pdo_sqlsrv/pdo_dbh.cpp ++++ b/source/pdo_sqlsrv/pdo_dbh.cpp +@@ -361,7 +361,7 @@ struct pdo_dbh_methods pdo_sqlsrv_dbh_methods = { + { \ + pdo_sqlsrv_dbh* driver_dbh = reinterpret_cast<pdo_sqlsrv_dbh*>( dbh->driver_data ); \ + driver_dbh->set_func( __FUNCTION__ ); \ +- int length = strlen(__FUNCTION__); \ ++ int length = strlen(__FUNCTION__)+strlen(": entering"); \ + char func[length+1]; \ + LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering")); \ + } +diff --git a/source/pdo_sqlsrv/pdo_stmt.cpp b/source/pdo_sqlsrv/pdo_stmt.cpp +index dc989f4..4486404 100644 +--- a/source/pdo_sqlsrv/pdo_stmt.cpp ++++ b/source/pdo_sqlsrv/pdo_stmt.cpp +@@ -339,7 +339,7 @@ void stmt_option_emulate_prepares:: operator()( sqlsrv_stmt* stmt, stmt_option c + { \ + pdo_sqlsrv_stmt* driver_stmt = reinterpret_cast<pdo_sqlsrv_stmt*>( stmt->driver_data ); \ + driver_stmt->set_func( __FUNCTION__ ); \ +- int length = strlen(__FUNCTION__); \ ++ int length = strlen(__FUNCTION__)+strlen(": entering"); \ + char func[length+1]; \ + LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering")); \ + } +@@ -427,7 +427,7 @@ int pdo_sqlsrv_stmt_describe_col(pdo_stmt_t *stmt, int colno TSRMLS_DC) + #else + pdo_sqlsrv_stmt* driver_stmtt = reinterpret_cast<pdo_sqlsrv_stmt*>( stmt->driver_data ); + driver_stmtt->set_func( __FUNCTION__ ); +- int length = strlen(__FUNCTION__); ++ int length = strlen(__FUNCTION__)+strlen(": entering"); + char func[length+1]; + LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering")); + #endif |