Re: [PATCH]: Fix bounds checking for SQLite2/3

2006-03-08 Thread Garrett Rooney
On 2/23/06, Bojan Smojver [EMAIL PROTECTED] wrote:
> Browsing through the code of DBD, I noticed that SQLite2/3 don't quite
> do the advertised bounds checking for get_entry functions. The
> following patch should be good for both 1.2.2 and the trunk.

Committed to trunk in r384327.

Thanks!

-garrett


Re: [PATCH]: Fix bounds checking for SQLite2/3

2006-03-08 Thread Bojan Smojver

Quoting Garrett Rooney [EMAIL PROTECTED]:

> On 2/23/06, Bojan Smojver [EMAIL PROTECTED] wrote:
>> Browsing through the code of DBD, I noticed that SQLite2/3 don't quite
>> do the advertised bounds checking for get_entry functions. The
>> following patch should be good for both 1.2.2 and the trunk.
>
> Committed to trunk in r384327.


Thanks.

--
Bojan


[PATCH]: Fix bounds checking for SQLite2/3

2006-02-23 Thread Bojan Smojver
Browsing through the code of DBD, I noticed that SQLite2/3 don't quite 
do the advertised bounds checking for get_entry functions. The 
following patch should be good for both 1.2.2 and the trunk.


--
Bojan
diff -rauN apr-util-1.2.2-vanilla/dbd/apr_dbd_sqlite2.c apr-util-1.2.2/dbd/apr_dbd_sqlite2.c
--- apr-util-1.2.2-vanilla/dbd/apr_dbd_sqlite2.c	2005-08-11 18:51:16.0 +1000
+++ apr-util-1.2.2/dbd/apr_dbd_sqlite2.c	2006-02-24 08:59:30.0 +1100
@@ -168,6 +168,10 @@
 
 static const char *dbd_sqlite_get_entry(const apr_dbd_row_t * row, int n)
 {
+if ((n  0) || (n = row-res-sz)) {
+  return NULL;
+}
+
 return row-data[n];
 }
 
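Review bot: The added guard in dbd_sqlite_get_entry takes its upper bound from row-res-sz while the value returned is row-data[n], so it is only correct if sz counts the columns of one row rather than the rows of the result set; a one-line comment stating that would let a reader verify it without opening the struct definition. The comparison operators did not survive in this archived copy of the hunk, so check against r384327 that the upper test is inclusive, that is, an n equal to sz is rejected. Returning NULL for a bad index also leaves the caller unable to tell an out-of-range n from an entry whose stored value is NULL, if row-data[n] can itself be NULL, and that is worth saying in the get_entry documentation.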
diff -rauN apr-util-1.2.2-vanilla/dbd/apr_dbd_sqlite3.c apr-util-1.2.2/dbd/apr_dbd_sqlite3.c
--- apr-util-1.2.2-vanilla/dbd/apr_dbd_sqlite3.c	2005-08-11 18:51:16.0 +1000
+++ apr-util-1.2.2/dbd/apr_dbd_sqlite3.c	2006-02-24 08:59:18.0 +1100
@@ -209,7 +209,7 @@
 {
 apr_dbd_column_t *column;
 const char *value;
-if ((n + 1)  row-columnCount) {
+if ((n  0) || (n = row-columnCount)) {
 return NULL;
 }
 column = row-columns[n];
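Review bot: No test accompanies the rewritten condition at the top of this get_entry hunk, and the patch touches only the two driver files; a case that calls get_entry with -1 and with an index equal to columnCount, for each driver, would pin the behaviour, since the removed (n + 1) form let n of -1 through to row-columns[n]. If columnCount is declared as an unsigned type, the second comparison converts n to unsigned and is safe only because the test for n below zero runs first, so keep that ordering or cast explicitly. The sqlite2 and sqlite3 checks now have the same shape but read their limits from different fields (row-res-sz and row-columnCount), which a short comment in each driver could note.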