Commit: 1c623e3b07128e78362911ff5754e7eee57fa8bb Author: Remi Collet <r...@php.net> Fri, 31 May 2013 08:39:32 +0200 Parents: 13e5c97ffd75821c01bbec79c1d2233c50d36b0e Branches: PHP-5.3 PHP-5.4 PHP-5.5 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=1c623e3b07128e78362911ff5754e7eee57fa8bb Log: Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error) There is a lot of call such as: pdo_pgsql_error(dbh, PGRES_FATAL_ERROR, "Copy command failed"); Where the 3rd paramater is a error message string where a sqlstate (5 chars) is expected. This cause a segfault in copy_from.phpt and copy_to.phpt. This is only a sanity check to avoid buffer overflow, but obviously this calls need to be fixed (using NULL or a correct sqlstate). Bugs: https://bugs.php.net/64949 Changed paths: M NEWS M ext/pdo_pgsql/pgsql_driver.c Diff: diff --git a/NEWS b/NEWS index 50d979a..0b9e7cb 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2013, PHP 5.3.27 +- PDO_pgsql: + . Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi) + ?? ??? 2013, PHP 5.3.26 ### DO NOT ADD ENTRIES HERE, ADD THEM ABOVE FOR 5.3.27 ### diff --git a/ext/pdo_pgsql/pgsql_driver.c b/ext/pdo_pgsql/pgsql_driver.c index 645fd36..55f4418 100644 --- a/ext/pdo_pgsql/pgsql_driver.c +++ b/ext/pdo_pgsql/pgsql_driver.c @@ -76,7 +76,7 @@ int _pdo_pgsql_error(pdo_dbh_t *dbh, pdo_stmt_t *stmt, int errcode, const char * einfo->errmsg = NULL; } - if (sqlstate == NULL) { + if (sqlstate == NULL || strlen(sqlstate) >= sizeof(pdo_error_type)) { strcpy(*pdo_err, "HY000"); } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php