From bdbdc30efc978488ee19c79188f296075c8e161a Mon Sep 17 00:00:00 2001 From: asfernandes Date: Mon, 4 May 2015 16:24:10 +0000 Subject: [PATCH] Fixed CORE-4781 - Maximum string length (32765 bytes) is not validated. --- lang_helpers/gds_codes.ftn | 2 ++ lang_helpers/gds_codes.pas | 1 + src/dsql/Parser.cpp | 33 +++++++++++++++++++++++++++++++-- src/include/gen/codetext.h | 1 + src/include/gen/iberror.h | 6 ++++-- src/include/gen/msgs.h | 1 + src/include/gen/sql_code.h | 1 + src/include/gen/sql_state.h | 1 + src/msgs/facilities2.sql | 2 +- src/msgs/messages2.sql | 1 + src/msgs/system_errors2.sql | 1 + 11 files changed, 45 insertions(+), 5 deletions(-) diff --git a/lang_helpers/gds_codes.ftn b/lang_helpers/gds_codes.ftn index 59b075225b..207e80ba17 100644 --- a/lang_helpers/gds_codes.ftn +++ b/lang_helpers/gds_codes.ftn @@ -2332,6 +2332,8 @@ C -- PARAMETER (GDS__dsql_wlock_conflict = 336397329) INTEGER*4 GDS__dsql_max_exception_arguments PARAMETER (GDS__dsql_max_exception_arguments = 336397330) + INTEGER*4 GDS__dsql_string_length + PARAMETER (GDS__dsql_string_length = 336397331) INTEGER*4 GDS__gsec_cant_open_db PARAMETER (GDS__gsec_cant_open_db = 336723983) INTEGER*4 GDS__gsec_switches_error diff --git a/lang_helpers/gds_codes.pas b/lang_helpers/gds_codes.pas index de27d0fc04..7ac0a1344a 100644 --- a/lang_helpers/gds_codes.pas +++ b/lang_helpers/gds_codes.pas @@ -1173,6 +1173,7 @@ const gds_dsql_wlock_aggregates = 336397328; gds_dsql_wlock_conflict = 336397329; gds_dsql_max_exception_arguments = 336397330; + gds_dsql_string_length = 336397331; gds_gsec_cant_open_db = 336723983; gds_gsec_switches_error = 336723984; gds_gsec_no_op_spec = 336723985; diff --git a/src/dsql/Parser.cpp b/src/dsql/Parser.cpp index dfd4834404..0f1b0d1901 100644 --- a/src/dsql/Parser.cpp +++ b/src/dsql/Parser.cpp 
@@ -483,6 +483,18 @@ int Parser::yylexAux() } *p = *lex.ptr++; } + + if (p - buffer > MAX_COLUMN_SIZE - sizeof(USHORT)) + { + if (buffer != string) + gds__free (buffer); + + ERRD_post(Arg::Gds(isc_sqlerr) << Arg::Num(-104) << + Arg::Gds(isc_dsql_string_length) << + Arg::Num(p - buffer) << + Arg::Num(MAX_COLUMN_SIZE - sizeof(USHORT))); + } + if (c == '"') { stmt_ambiguous = true; @@ -654,6 +666,14 @@ int Parser::yylexAux() byte = c; } + if (temp.length() > MAX_COLUMN_SIZE - sizeof(USHORT)) + { + ERRD_post(Arg::Gds(isc_sqlerr) << Arg::Num(-104) << + Arg::Gds(isc_dsql_string_length) << + Arg::Num(temp.length()) << + Arg::Num(MAX_COLUMN_SIZE - sizeof(USHORT))); + } + yylval.intlStringPtr = newIntlString(temp, "BINARY"); return STRING; @@ -693,8 +713,17 @@ int Parser::yylexAux() { if (*lex.ptr == endChar && *++lex.ptr == '\'') { - yylval.intlStringPtr = newIntlString( - Firebird::string(lex.last_token + 3, lex.ptr - lex.last_token - 4)); + size_t len = lex.ptr - lex.last_token - 4; + + if (len > MAX_COLUMN_SIZE - sizeof(USHORT)) + { + ERRD_post(Arg::Gds(isc_sqlerr) << Arg::Num(-104) << + Arg::Gds(isc_dsql_string_length) << + Arg::Num(len) << + Arg::Num(MAX_COLUMN_SIZE - sizeof(USHORT))); + } + + yylval.intlStringPtr = newIntlString(Firebird::string(lex.last_token + 3, len)); ++lex.ptr; diff --git a/src/include/gen/codetext.h b/src/include/gen/codetext.h index 811f6c8b06..1f9e199c77 100644 --- a/src/include/gen/codetext.h +++ b/src/include/gen/codetext.h @@ -1162,6 +1162,7 @@ static const struct { {"dsql_wlock_aggregates", 336397328}, {"dsql_wlock_conflict", 336397329}, {"dsql_max_exception_arguments", 336397330}, + {"dsql_string_length", 336397331}, {"gsec_cant_open_db", 336723983}, {"gsec_switches_error", 336723984}, {"gsec_no_op_spec", 336723985}, diff --git a/src/include/gen/iberror.h b/src/include/gen/iberror.h index 1825fd0cbd..016100e1c2 100644 --- a/src/include/gen/iberror.h +++ b/src/include/gen/iberror.h 
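Review bot: The limit `MAX_COLUMN_SIZE - sizeof(USHORT)` is written out twice in this check and again in the hunks at -654 and -693, each with its own copy of the `ERRD_post` call, so a later change to the limit has six places to keep in step. A single named constant, for example `const size_t maxLiteralLength = MAX_COLUMN_SIZE - sizeof(USHORT);` declared once in the lexer, would let all three checks compare against and report the same value. In this hunk the left side `p - buffer` is a signed pointer difference compared with an unsigned value. That is harmless as long as `p` never precedes `buffer`, but a `size_t` local for the length, as the -693 hunk already uses, would make the comparison and the `Arg::Num` argument uniform. The body of `yylexAux` begins and continues outside these hunks.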
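Review bot: In the -693 hunk, `size_t len = lex.ptr - lex.last_token - 4;` has no comment saying what the 4 accounts for, and because `len` is unsigned a pointer difference below 4 would wrap to a very large value. The new length check would then reject the token, which fails safe, but the byte count passed to `Arg::Num(len)` would be meaningless. A comment such as `// len excludes the 3 leading bytes skipped by last_token + 3 and the closing delimiter before the final quote` would document the arithmetic. Whether a difference below 4 is reachable depends on the scanning loop, which starts outside the hunk.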
@@ -1196,6 +1196,7 @@ const ISC_STATUS isc_dsql_firstskip_rows = 336397327L; const ISC_STATUS isc_dsql_wlock_aggregates = 336397328L; const ISC_STATUS isc_dsql_wlock_conflict = 336397329L; const ISC_STATUS isc_dsql_max_exception_arguments = 336397330L; +const ISC_STATUS isc_dsql_string_length = 336397331L; const ISC_STATUS isc_gsec_cant_open_db = 336723983L; const ISC_STATUS isc_gsec_switches_error = 336723984L; const ISC_STATUS isc_gsec_no_op_spec = 336723985L; @@ -1298,7 +1299,7 @@ const ISC_STATUS isc_trace_switch_user_only = 337182757L; const ISC_STATUS isc_trace_switch_param_miss = 337182758L; const ISC_STATUS isc_trace_param_act_notcompat = 337182759L; const ISC_STATUS isc_trace_mandatory_switch_miss = 337182760L; -const ISC_STATUS isc_err_max = 1242; +const ISC_STATUS isc_err_max = 1243; #else /* c definitions */ @@ -2464,6 +2465,7 @@ const ISC_STATUS isc_err_max = 1242; #define isc_dsql_wlock_aggregates 336397328L #define isc_dsql_wlock_conflict 336397329L #define isc_dsql_max_exception_arguments 336397330L +#define isc_dsql_string_length 336397331L #define isc_gsec_cant_open_db 336723983L #define isc_gsec_switches_error 336723984L #define isc_gsec_no_op_spec 336723985L @@ -2566,7 +2568,7 @@ const ISC_STATUS isc_err_max = 1242; #define isc_trace_switch_param_miss 337182758L #define isc_trace_param_act_notcompat 337182759L #define isc_trace_mandatory_switch_miss 337182760L -#define isc_err_max 1242 +#define isc_err_max 1243 #endif diff --git a/src/include/gen/msgs.h b/src/include/gen/msgs.h index 6794fd475f..330b1111cb 100644 --- a/src/include/gen/msgs.h +++ b/src/include/gen/msgs.h 
@@ -1165,6 +1165,7 @@ Data source : @4"}, /* eds_statement */ {336397328, "WITH LOCK cannot be used with aggregates"}, /* dsql_wlock_aggregates */ {336397329, "WITH LOCK cannot be used with @1"}, /* dsql_wlock_conflict */ {336397330, "Number of arguments (@1) exceeds the maximum (@2) number of EXCEPTION USING arguments"}, /* dsql_max_exception_arguments */ + {336397331, "String literal with @1 bytes exceeds the maximum length of @2 bytes"}, /* dsql_string_length */ {336723983, "unable to open database"}, /* gsec_cant_open_db */ {336723984, "error in switch specifications"}, /* gsec_switches_error */ {336723985, "no operation specified"}, /* gsec_no_op_spec */ diff --git a/src/include/gen/sql_code.h b/src/include/gen/sql_code.h index efda5c7703..e25af799d3 100644 --- a/src/include/gen/sql_code.h +++ b/src/include/gen/sql_code.h @@ -1161,6 +1161,7 @@ static const struct { {336397328, -104}, /* 1040 dsql_wlock_aggregates */ {336397329, -104}, /* 1041 dsql_wlock_conflict */ {336397330, -901}, /* 1042 dsql_max_exception_arguments */ + {336397331, -901}, /* 1043 dsql_string_length */ {336723983, -901}, /* 15 gsec_cant_open_db */ {336723984, -901}, /* 16 gsec_switches_error */ {336723985, -901}, /* 17 gsec_no_op_spec */ diff --git a/src/include/gen/sql_state.h b/src/include/gen/sql_state.h index 3b81f9d04a..ddfa5e26f2 100644 --- a/src/include/gen/sql_state.h +++ b/src/include/gen/sql_state.h @@ -1161,6 +1161,7 @@ static const struct { {336397328, "42000"}, // 1040 dsql_wlock_aggregates {336397329, "42000"}, // 1041 dsql_wlock_conflict {336397330, "07002"}, // 1042 dsql_max_exception_arguments + {336397331, "42000"}, // 1043 dsql_string_length {336723983, "00000"}, // 15 gsec_cant_open_db {336723984, "00000"}, // 16 gsec_switches_error {336723985, "00000"}, // 17 gsec_no_op_spec diff --git a/src/msgs/facilities2.sql b/src/msgs/facilities2.sql index 91b53aecca..5cacd77d35 100644 --- a/src/msgs/facilities2.sql +++ b/src/msgs/facilities2.sql 
@@ -10,7 +10,7 @@ set bulk_insert INSERT INTO FACILITIES (LAST_CHANGE, FACILITY, FAC_CODE, MAX_NUM
 ('1996-11-07 13:39:40', 'INSTALL', 10, 1)
 ('1996-11-07 13:38:41', 'TEST', 11, 4)
 ('2014-05-09 01:30:36', 'GBAK', 12, 361)
-('2015-04-29 12:27:00', 'SQLERR', 13, 1043)
+('2015-04-29 12:27:00', 'SQLERR', 13, 1044)
 ('1996-11-07 13:38:42', 'SQLWARN', 14, 613)
 ('2006-09-10 03:04:31', 'JRD_BUGCHK', 15, 307)
 ('2014-05-07 03:04:46', 'ISQL', 17, 190)
diff --git a/src/msgs/messages2.sql b/src/msgs/messages2.sql
index a267142bf6..042ceec89d 100644
--- a/src/msgs/messages2.sql
+++ b/src/msgs/messages2.sql
@@ -2618,6 +2618,7 @@ ERROR: Backup incomplete', NULL, NULL);
 ('dsql_wlock_aggregates', 'pass1_rse_impl', 'pass1.cpp', NULL, 13, 1040, NULL, 'WITH LOCK cannot be used with aggregates', NULL, NULL);
 ('dsql_wlock_conflict', NULL, 'pass1.cpp', NULL, 13, 1041, NULL, 'WITH LOCK cannot be used with @1', NULL, NULL);
 ('dsql_max_exception_arguments', NULL, 'StmtNodes.cpp', NULL, 13, 1042, NULL, 'Number of arguments (@1) exceeds the maximum (@2) number of EXCEPTION USING arguments', NULL, NULL);
+('dsql_string_length', NULL, 'Parser.cpp', NULL, 13, 1043, NULL, 'String literal with @1 bytes exceeds the maximum length of @2 bytes', NULL, NULL);
 -- SQLWARN
 (NULL, NULL, NULL, NULL, 14, 100, NULL, 'Row not found for fetch, update or delete, or the result of a query is an empty table.', NULL, NULL);
 (NULL, NULL, NULL, NULL, 14, 101, NULL, 'segment buffer length shorter than expected', NULL, NULL);
diff --git a/src/msgs/system_errors2.sql b/src/msgs/system_errors2.sql
index fbb09a6408..3d0886c72c 100644
--- a/src/msgs/system_errors2.sql
+++ b/src/msgs/system_errors2.sql
@@ -1155,6 +1155,7 @@ COMMIT WORK;
 (-104, '42', '000', 13, 1040, 'dsql_wlock_aggregates', NULL, NULL)
 (-104, '42', '000', 13, 1041, 'dsql_wlock_conflict', NULL, NULL)
 (-901, '07', '002', 13, 1042, 'dsql_max_exception_arguments', NULL, NULL)
+(-901, '42', '000', 13, 1043, 'dsql_string_length', NULL, NULL)
 -- GSEC
 (-901, '00', '000', 18, 15, 'gsec_cant_open_db', NULL, NULL)
 (-901, '00', '000', 18, 16, 'gsec_switches_error', NULL, NULL)
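Review bot: The added row gives dsql_string_length SQLCODE -901, while the two neighbouring rows that share SQLSTATE 42000 (dsql_wlock_aggregates and dsql_wlock_conflict) use -104, and the parser hunks in src/dsql/Parser.cpp post this code with `Arg::Num(-104)`. If -104 is the intended value, the row would read `(-104, '42', '000', 13, 1043, 'dsql_string_length', NULL, NULL)`, and the matching entry in src/include/gen/sql_code.h would need to follow it. If -901 is deliberate, a short `--` comment on the row saying why would keep the mismatch from being "corrected" later.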