Accepting request 73431 from server:database

security fix

OBS-URL: https://build.opensuse.org/request/show/73431
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/unixODBC?expand=0&rev=12
Sascha Peilicke 2011-06-14 08:58:07 +00:00 committed by Git OBS Bridge
parent 85cc9fc6a4
commit be709e4f90
5 changed files with 40 additions and 0 deletions


@ -0,0 +1,26 @@
--- trunk/DriverManager/SQLDriverConnect.c 2011/01/12 15:50:07 23
+++ trunk/DriverManager/SQLDriverConnect.c 2011/03/09 15:38:55 27
@@ -664,7 +664,7 @@
{
DMHDBC connection = (DMHDBC)hdbc;
struct con_struct con_struct;
- char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ 128 ];
+ char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ INI_MAX_PROPERTY_VALUE + 1 ];
char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ];
char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ];
SQLRETURN ret_from_connect;
@@ -969,7 +969,13 @@
tsavefile = __get_attribute_value( &con_struct, "SAVEFILE" );
if ( tsavefile )
{
- strcpy( savefile, tsavefile );
+ if ( strlen( tsavefile ) > INI_MAX_PROPERTY_VALUE ) {
+ memcpy( savefile, tsavefile, INI_MAX_PROPERTY_VALUE );
+ savefile[ INI_MAX_PROPERTY_VALUE ] = '\0';
+ }
+ else {
+ strcpy( savefile, tsavefile );
+ }
}
else
{
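Review bot: The new branch at `if ( strlen( tsavefile ) > INI_MAX_PROPERTY_VALUE )` truncates an over-long SAVEFILE value silently, so the overflow is closed but the call carries on with a path the caller never supplied, and anything later done with `savefile` (outside this hunk) would act on the shortened name. Treating the over-long value as an error for the call would be safer than truncating it. If truncation is kept, the whole if/else can be written as `snprintf( savefile, sizeof( savefile ), "%s", tsavefile );`, whose return value also reports whether the value was cut, and a comment such as `/* SAVEFILE is taken from the parsed connection attributes; never copy it unbounded */` would record why the bound exists. The enclosing function starts and ends outside the hunk, so whether the values placed in `lib_name` and `driver_name` are copied with the same bound cannot be checked from here and is worth confirming.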


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Jun 13 11:17:00 CEST 2011 - mhrusecky@suse.cz
- fixed CVE-2011-1145 (bnc#678796)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 13 15:45:51 CEST 2008 - nadvornik@suse.cz Mon Oct 13 15:45:51 CEST 2008 - nadvornik@suse.cz


@ -39,6 +39,7 @@ Patch8: unixODBC-%{version}-dm.patch
Patch10: unixODBC-%{version}-libodbcinst-exports.patch Patch10: unixODBC-%{version}-libodbcinst-exports.patch
Patch11: unixODBC-%{version}-flex.patch Patch11: unixODBC-%{version}-flex.patch
Patch12: unixODBC-%{version}-ctracing.patch Patch12: unixODBC-%{version}-ctracing.patch
Patch13: unixODBC-2.2.12-CVE-2011-1145.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -62,6 +63,7 @@ Authors:
%patch10 %patch10
%patch11 %patch11
%patch12 %patch12
%patch13 -p1
install -m 644 %{S:1} . install -m 644 %{S:1} .
%build %build


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Jun 13 11:17:49 CEST 2011 - mhrusecky@suse.cz
- fixed CVE-2011-1145 (bnc#678796)
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Dec 19 13:43:00 CET 2009 - jengelh@medozas.de Sat Dec 19 13:43:00 CET 2009 - jengelh@medozas.de


@ -49,6 +49,7 @@ Patch10: %{name}-%{version}-libodbcinst-exports.patch
Patch11: %{name}-%{version}-flex.patch Patch11: %{name}-%{version}-flex.patch
Patch12: %{name}-%{version}-sqp.patch Patch12: %{name}-%{version}-sqp.patch
Patch13: %{name}-%{version}-uninitialized.patch Patch13: %{name}-%{version}-uninitialized.patch
Patch14: unixODBC-2.2.12-CVE-2011-1145.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package devel %package devel
@ -97,6 +98,7 @@ Authors:
%patch11 %patch11
%patch12 %patch12
%patch13 %patch13
%patch14 -p1
install -m 644 %{S:1} . install -m 644 %{S:1} .
%build %build