Hi
 
Thanks for your email!
It solved my problem!
 
alireza
 

________________________________
 From: Steffen Waitz <stwa...@gmx.de>
To: openca-users@lists.sourceforge.net 
Sent: Tuesday, November 22, 2011 5:54 PM
Subject: [Openca-Users] Buffer overflow when viewing CA Cert in Web UI
 
Hi @all,

after successfully installing OpenCA 1.1.1 on a
SuSE Enterprise Server 11 SP1 64 bit it turned out that
OpenCA crashes when trying to view the CA Cert from the
Web UI.

8<------ cut --------

*** buffer overflow detected ***: /usr/bin/perl terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7fe890e74147]
/lib64/libc.so.6(+0xe8de0)[0x7fe890e71de0]
/lib64/libc.so.6(+0xe80d9)[0x7fe890e710d9]
/lib64/libc.so.6(_IO_default_xsputn+0x85)[0x7fe890dfc705]
/lib64/libc.so.6(_IO_vfprintf+0x3716)[0x7fe890dcf656]
/lib64/libc.so.6(__vsprintf_chk+0x9d)[0x7fe890e7117d]
/lib64/libc.so.6(__sprintf_chk+0x80)[0x7fe890e710c0]
/opt/openca/lib/openca/perl_modules/perl5/x86_64-linux-thread-multi/auto/DBD/mysql/mysql.so(mysql_bind_ph+0x705)[0x7fe88b9f2f15]
/opt/openca/lib/openca/perl_modules/perl5/x86_64-linux-thread-multi/auto/DBD/mysql/mysql.so(XS_DBD__mysql__st_bind_param+0x231)[0x7fe88ba11941]
/opt/openca/lib/openca/perl_modules/perl5/x86_64-linux-thread-multi/auto/DBI/DBI.so(XS_DBI_dispatch+0x583e)[0x7fe88df82c5e]
/usr/bin/perl(Perl_pp_entersub+0x5a5)[0x47e115]
/usr/bin/perl(Perl_runops_debug+0x133)[0x455ad3]
/usr/bin/perl(perl_run+0x2b5)[0x47a005]
/usr/bin/perl(main+0xdc)[0x42172c]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7fe890da7bc6]
/usr/bin/perl[0x421589]
======= Memory map: ========
00400000-0058a000 r-xp 00000000 fd:04 12790563   /usr/bin/perl
00789000-0078a000 r--p 00189000 fd:04 12790563   /usr/bin/perl
0078a000-0078e000 rw-p 0018a000 fd:04 12790563   /usr/bin/perl
0078e000-044f0000 rw-p 00000000 00:00 0   [heap]
7fe88b26c000-7fe88b282000 r-xp 00000000 fd:01 262507   /lib64/libgcc_s.so.1
------ cut -------->8

After some hours of reading the code in DBI.pm I found out that the
bind_param settings are not quite correct in my case, because the stored
cert_key was a hex value, not a decimal one, which causes the buffer overflow.

8<------ cut --------
OpenCA::DBI->searchItems: query now: select * from certificate where (cert_key=?) order by rowid
OpenCA::DBI->searchItems: arguments: 9304c308744d67289.....
------ cut -------->8

After setting up a sanity check in DBI.pm it is now working as expected.


      ## prepare bind_values
@@ -3295,11 +3295,17 @@
      $q_count ++;
      my $q_type = shift(@bind_types);
      if ( $q_type =~ /DECIMAL/ ) {
+      if ( $q_value =~ /^\d+$/ ) {
          $self->{STH}->bind_param( $q_count, $q_value, SQL_DECIMAL );
-      } elsif ( $q_type =~ /BIGINT/ ) {
-        $self->{STH}->bind_param( $q_count, $q_value, SQL_BIGINT );
        } else {
-        $self->{STH}->bind_param( $q_count, $q_value, SQL_UNKNOWN_TYPE );
+        $self->debug ("doQuery: Query Type: $q_type but HEXADECIMAL 
detected.");
+        $self->{STH}->bind_param( $q_count, $q_value );
+      }
+    } elsif ( $q_type =~ /BIGINT/ ) {
+      $self->{STH}->bind_param( $q_count, $q_value, SQL_BIGINT );
+    } else {
+      $self->{STH}->bind_param( $q_count, $q_value, SQL_UNKNOWN_TYPE );
+    #    $self->{STH}->bind_param( $q_count, $q_value );
      }
    }
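
Review bot: In the new DECIMAL branch, the else path at bind_param( $q_count, $q_value ) still sends a value that failed the digit check into a query whose parameter is declared DECIMAL, and reports it only through debug. The test /^\d+$/ establishes "not all digits", not "hexadecimal", so an empty string, a signed number or arbitrary text takes that path too and the debug message is misleading; I would either convert a validated hex key to decimal before binding or return an error to the caller. The pattern should be anchored with \A and \z, because $ also matches before a trailing newline and such a value would still be bound as SQL_DECIMAL. The BIGINT branch binds with SQL_BIGINT without an equivalent check, and the commented-out bind_param in the final else looks like a leftover that should be dropped.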

Hope that helps
Steffen
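
Added example (not part of Steffen's post and not OpenCA code): one way to check a key against its declared column type before it reaches bind_param with a numeric SQL type. It assumes the column holds decimal keys and that the caller knows whether its input is hex; numeric_key and the 64-digit limit are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not OpenCA code. numeric_key() and $MAX_DIGITS are
# hypothetical names; the 64-digit limit is an assumed bound.
use strict;
use warnings;
use Math::BigInt;

my $MAX_DIGITS = 64;

# Return the key as a canonical decimal string, or die.
# The caller states the base: "1234" is valid in both, so guessing is unsafe.
sub numeric_key {
    my ($value, $is_hex) = @_;
    die "key is undefined\n" unless defined $value;
    if ($is_hex) {
        # \A and \z anchor the whole string; [0-9] avoids \d's Unicode digits.
        $value =~ /\A[0-9a-fA-F]{1,$MAX_DIGITS}\z/
            or die "not a hexadecimal key\n";
        return Math::BigInt->new("0x$value")->bstr();
    }
    $value =~ /\A[0-9]{1,$MAX_DIGITS}\z/
        or die "not a decimal key\n";
    return Math::BigInt->new($value)->bstr();
}

# Constructed sample inputs: [ value, is_hex ].
my @cases = (
    [ "4711",     0 ],   # decimal key
    [ "0a1b2c3d", 1 ],   # hex key, converted before binding
    [ "0a1b2c3d", 0 ],   # hex passed as decimal: rejected
    [ "4711\n",   0 ],   # /^\d+$/ would accept this; \z does not
    [ "",         0 ],   # empty value
);

for my $case (@cases) {
    my ($value, $is_hex) = @$case;
    my $key = eval { numeric_key($value, $is_hex) };
    (my $err = $@) =~ s/\n\z//;
    (my $shown = $value) =~ s/\n/\\n/g;
    print "'$shown' => ",
        defined $key ? "bind as SQL_DECIMAL: $key" : "rejected: $err", "\n";
    # With a real handle the accepted case would continue as:
    #   $sth->bind_param($index, $key, SQL_DECIMAL);
}
```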




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users