On 3/31/22 16:39, Dimitry Sibiryakov wrote:
Alex Peshkoff via Firebird-devel wrote 31.03.2022 15:21:
Note that the crash happen on compression so it doesn't affect
Firebird security.
Did not catch why - we use zlib compression on the wire (since fb3)
and in gbak (since fb4). Both cases are not default but anyway not good.
The crash happen when a stream of definite data is tried to be
compressed. IMHO, it is hard (if possible at all) to purposefully
construct such stream *from* server to crash or exploit it.
How long should it be? Can it be put into blob?
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
