File firebird-2.5.2-CORE-4629.patch of Package firebird.openSUSE_13.1_Update
From a88d38a4be856c1552d54b50c5eb831667500395 Mon Sep 17 00:00:00 2001
From: alexpeshkoff <alexpeshkoff@65644016-39b1-43b1-bf79-96bc8fe82c15>
Date: Tue, 2 Dec 2014 10:18:26 +0000
Subject: [PATCH] Fixed CORE-4630: Segfault in server caused by bad packet
git-svn-id: svn+ssh://svn.code.sf.net/p/firebird/code/firebird/branches/B2_5_Release@60322 65644016-39b1-43b1-bf79-96bc8fe82c15
---
src/remote/protocol.cpp | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/remote/protocol.cpp b/src/remote/protocol.cpp
index 30df6bf..e39b902 100644
--- a/src/remote/protocol.cpp
+++ b/src/remote/protocol.cpp
@@ -398,6 +398,8 @@ bool_t xdr_protocol(XDR* xdrs, PACKET* p)
MAP(xdr_short, reinterpret_cast<SSHORT&>(response->p_resp_object));
MAP(xdr_quad, response->p_resp_blob_id);
MAP(xdr_cstring, response->p_resp_data);
+ if (!response->p_resp_status_vector) // incorrectly called - packet not prepared
+ return P_FALSE(xdrs, p);
return xdr_status_vector(xdrs, response->p_resp_status_vector) ?
P_TRUE(xdrs, p) : P_FALSE(xdrs, p);
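Review bot: The null check on `response->p_resp_status_vector` runs only after the three `MAP` calls, so when a malformed packet is decoded, the object id, blob id and `p_resp_data` have already been read from the peer into `response` before the packet is rejected. Unless something above the hunk depends on those fields being processed first, I would move the guard ahead of the first `MAP`, keeping it as `if (!response->p_resp_status_vector) return P_FALSE(xdrs, p);`. The comment could also say what is being protected, e.g. `// status vector buffer not set up: reject instead of passing NULL to xdr_status_vector`. The enclosing case starts above the hunk, so this rests only on the lines shown.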
@@ -1652,9 +1654,12 @@ static bool_t xdr_status_vector(XDR* xdrs, ISC_STATUS* vector)
SLONG vec;
SCHAR* sp = NULL;
+ ISC_STATUS* const end = &vector[ISC_STATUS_LENGTH];
while (true)
{
+ if (vector >= end)
+ return FALSE;
if (xdrs->x_op == XDR_ENCODE)
vec = (SLONG) * vector++;
if (!xdr_long(xdrs, &vec))
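Review bot: `end` is computed as `&vector[ISC_STATUS_LENGTH]`, so the guards here and in the two later hunks (the string cases and the `isc_arg_number`/`default` case) only help if every caller passes a buffer of at least `ISC_STATUS_LENGTH` elements, and nothing in the signature enforces that. It is worth stating the precondition at the top of the function, e.g. `// vector must point to an array of ISC_STATUS_LENGTH elements; the bounds checks below rely on it`, and confirming it for each call site. The same `if (vector >= end) return FALSE;` pair is also repeated three times, so a small local helper would keep the checks from drifting apart. The function body starts and ends outside this hunk.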
@@ -1670,6 +1675,8 @@ static bool_t xdr_status_vector(XDR* xdrs, ISC_STATUS* vector)
case isc_arg_interpreted:
case isc_arg_string:
case isc_arg_sql_state:
+ if (vector >= end)
+ return FALSE;
if (xdrs->x_op == XDR_ENCODE)
{
if (!xdr_wrapstring(xdrs, reinterpret_cast<SCHAR**>(vector++)))
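Review bot: When this guard fires, the function returns `FALSE` with the vector filled up to its last slot, and from the visible lines nothing writes an `isc_arg_end` terminator before returning. If the decode path has already stored the argument tag at that point (that code is outside the hunk), the buffer ends in a string tag with no argument, and any caller that walks the vector after a failed decode could read past it. Either document the contract, e.g. `// on FALSE the vector may lack an isc_arg_end terminator; callers must not traverse it`, or reset the first element to a terminator before returning. The same applies to the loop-top guard and the `default` case guard.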
@@ -1700,6 +1707,8 @@ static bool_t xdr_status_vector(XDR* xdrs, ISC_STATUS* vector)
case isc_arg_number:
default:
+ if (vector >= end)
+ return FALSE;
if (xdrs->x_op == XDR_ENCODE)
vec = (SLONG) * vector++;
if (!xdr_long(xdrs, &vec))
--
1.8.4.5