mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-23 23:23:04 +01:00

backported security fix

alexpeshkoff 2007-06-21 12:06:15 +00:00
parent a3cf262bb9
commit df0c22e2d4
4 changed files with 33 additions and 56 deletions


@ -658,39 +658,32 @@ rem_port* INET_connect(const TEXT* name,
ISC_tcp_setup(ISC_wait, gds__completion_ast);
#endif
const TEXT* protocol = NULL;
TEXT temp[BUFFER_TINY];
Firebird::string host;
Firebird::string protocol;
if (name) {
strncpy(temp, name, sizeof(temp));
temp[sizeof(temp) - 1] = 0;
for (TEXT* p = temp; *p;) {
if (*p++ == '/') {
p[-1] = 0;
name = temp;
protocol = p;
break;
}
host = name;
const size_t pos = host.find("/");
if (pos != Firebird::string::npos) {
protocol = host.substr(pos + 1);
host = host.substr(0, pos);
}
}
if (name && *name) {
if (host.hasData()) {
if (port->port_connection) {
ALLR_free(port->port_connection);
}
port->port_connection = REMOTE_make_string(name);
port->port_connection = REMOTE_make_string(host.c_str());
}
else {
name = port->port_host->str_data;
host = port->port_host->str_data;
}
if (!protocol) {
if (protocol.isEmpty()) {
const unsigned short port2 = Config::getRemoteServicePort();
if (port2) {
// EKU: since temp is 128 byte long, the port number will always
// fit into the buffer, hence snprintf replaced with sprintf
sprintf(temp, "%hu", port2);
protocol = temp;
protocol.printf("%hu", port2);
}
else {
protocol = Config::getRemoteServiceName();
@ -704,7 +697,7 @@ rem_port* INET_connect(const TEXT* name,
#ifdef VMS
/* V M S */
if (getservport(protocol, "tcp", &address.sin_port) == -1) {
if (getservport(protocol.c_str(), "tcp", &address.sin_port) == -1) {
inet_error(port, "getservbyname", isc_net_connect_err, 0);
disconnect(port);
return NULL;
@ -761,7 +754,7 @@ rem_port* INET_connect(const TEXT* name,
THREAD_EXIT();
const struct servent* service = getservbyname(protocol, "tcp");
const struct servent* service = getservbyname(protocol.c_str(), "tcp");
#ifdef WIN_NT
/* On Windows NT/9x, getservbyname can only accomodate
* 1 call at a time. In this case it returns the error
@ -772,7 +765,7 @@ rem_port* INET_connect(const TEXT* name,
if (!service) {
if (H_ERRNO == INET_RETRY_ERRNO) {
for (int retry = 0; retry < INET_RETRY_CALL; retry++) {
if ( (service = getservbyname(protocol, "tcp")) )
if ( (service = getservbyname(protocol.c_str(), "tcp")) )
break;
}
}
@ -789,7 +782,7 @@ rem_port* INET_connect(const TEXT* name,
for zero-installation clients.
*/
if (!service) {
if (strcmp(protocol, FB_SERVICE_NAME) == 0) {
if (protocol == FB_SERVICE_NAME) {
/* apply hardwired translation */
address.sin_port = htons(FB_SERVICE_PORT);
}
@ -800,7 +793,7 @@ rem_port* INET_connect(const TEXT* name,
* let's see whether this is a port number
* instead of a service name
*/
address.sin_port = htons(atoi(protocol));
address.sin_port = htons(atoi(protocol.c_str()));
}
if (address.sin_port == 0)
@ -820,7 +813,7 @@ rem_port* INET_connect(const TEXT* name,
isc_arg_gds,
isc_service_unknown,
isc_arg_string,
protocol, isc_arg_string, "tcp", 0);
protocol.c_str(), isc_arg_string, "tcp", 0);
return NULL;
} /* else / not hardwired gds_db translation */
}
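Review bot: The port-number fallback near the end of this file section still feeds `atoi(protocol.c_str())` straight into `htons()`, so a value above 65535 is silently truncated to a different port and only an exact zero is caught by the `address.sin_port == 0` test that follows. A range-checked parse would close that, for example `char* end; const long n = strtol(protocol.c_str(), &end, 10);` followed by `if (*end == 0 && n > 0 && n <= 65535) address.sin_port = htons((unsigned short) n);`. Separately, the old code redirected `name` to the trimmed host (or to `port->port_host->str_data`), while the new code only updates `host`. INET_connect continues outside the hunks shown, so any remaining use of `name` there would now see the unsplit host/service string and is worth checking.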


@ -953,17 +953,12 @@ ISC_STATUS GDS_DATABASE_INFO(ISC_STATUS* user_status,
{
rem_port* port = rdb->rdb_port;
/* two bytes too much allocated, better safe than sorry */
const size_t nLen = strlen(GDS_VERSION) +
strlen(port->port_version->str_data) + 4;
char* version = (char*)ALLR_alloc(nLen);
sprintf(version, "%s/%s", GDS_VERSION, port->port_version->str_data);
Firebird::string version;
version.printf("%s/%s", GDS_VERSION, port->port_version->str_data);
MERGE_database_info(temp_buffer, (UCHAR *) buffer, buffer_length,
IMPLEMENTATION, 3, 1, (UCHAR*)version,
IMPLEMENTATION, 3, 1, (UCHAR*)(version.c_str()),
(UCHAR *) port->port_host->str_data, 0);
ALLR_free(version);
}
if (temp_buffer != temp) {
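Review bot: The C-style cast `(UCHAR*)(version.c_str())` in the MERGE_database_info call strips const from the string's internal buffer, so the compiler can no longer object if the callee writes into it. If the parameter is const-qualified, which the declaration outside this hunk would confirm, pass it as `reinterpret_cast<const UCHAR*>(version.c_str())` instead. Since the string is no longer bounded by a fixed buffer, it is also worth confirming that MERGE_database_info handles a version string longer than it expects; its length encoding is not visible on this page. The enclosing function starts and ends outside the hunk.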


@ -692,11 +692,11 @@ static bool accept_connection(rem_port* port,
/* and modify the version string to reflect the chosen protocol */
TEXT buffer[64];
sprintf(buffer, "%s/P%d", port->port_version->str_data,
port->port_protocol);
Firebird::string buffer;
buffer.printf("%s/P%d", port->port_version->str_data,
port->port_protocol);
ALLR_free(port->port_version);
port->port_version = REMOTE_make_string(buffer);
port->port_version = REMOTE_make_string(buffer.c_str());
if (architecture == ARCHITECTURE)
port->port_flags |= PORT_symmetric;
@ -2719,12 +2719,11 @@ ISC_STATUS rem_port::info(P_OP op, P_INFO * stuff, PACKET* sendL)
stuff->p_info_buffer_length /*sizeof (temp)*/,
reinterpret_cast<char*>(temp_buffer) /*temp*/);
if (!status_vector[1]) {
TEXT version[256];
sprintf(version, "%s/%s", GDS_VERSION,
this->port_version->str_data);
Firebird::string version;
version.printf("%s/%s", GDS_VERSION, this->port_version->str_data);
MERGE_database_info(temp_buffer /*temp*/, buffer, stuff->p_info_buffer_length,
IMPLEMENTATION, 4, 1,
reinterpret_cast<const UCHAR*>(version),
reinterpret_cast<const UCHAR*>(version.c_str()),
reinterpret_cast<UCHAR*>(this->port_host->str_data),
0);
}
@ -3140,7 +3139,6 @@ bool process_packet(rem_port* port,
* sent.
*
**************************************/
TEXT msg[128];
trdb thd_context(port->port_status_vector);
// BRS: This is the same as REM_set_thread_data
trdb* tdrdb = &thd_context;
@ -3154,19 +3152,15 @@ bool process_packet(rem_port* port,
if (!accept_connection(port, &receive->p_cnct, sendL)) {
rem_str* string = port->port_user_name;
if (string) {
sprintf(msg,
"SERVER/process_packet: connection rejected for %*.*s",
gds__log("SERVER/process_packet: connection rejected for %*.*s",
string->str_length, string->str_length,
string->str_data);
gds__log(msg, 0);
}
if (port->port_server->srvr_flags & SRVR_multi_client) {
port->port_state = state_broken;
}
else {
gds__log
("SERVER/process_packet: connect reject, server exiting",
0);
gds__log("SERVER/process_packet: connect reject, server exiting");
ThreadData::restoreSpecific();
return false;
}
@ -3375,9 +3369,8 @@ bool process_packet(rem_port* port,
break;
default:
sprintf(msg, "SERVER/process_packet: don't understand packet type %d",
gds__log("SERVER/process_packet: don't understand packet type %d",
receive->p_operation);
gds__log(msg, 0);
port->port_state = state_broken;
break;
}
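Review bot: The rejected-connection message in process_packet writes `string->str_data` into the log byte for byte, and `port_user_name` presumably holds the name supplied by the connecting peer (its origin is outside these hunks). If gds__log passes control characters through unchanged, a name containing line breaks can make one rejected connect read as several unrelated log entries. Copying the name and replacing control bytes before logging keeps each rejection on a single line. The sketch below covers only the `if (string)` branch; the rest of process_packet lies outside the hunk.

```cpp
if (string) {
	// Neutralise control bytes so a peer-supplied name cannot add lines to the log.
	Firebird::string user(string->str_data, string->str_length);
	for (size_t i = 0; i < user.length(); ++i) {
		const unsigned char c = static_cast<unsigned char>(user[i]);
		if (c < 0x20 || c == 0x7f)
			user[i] = '?';
	}
	gds__log("SERVER/process_packet: connection rejected for %s", user.c_str());
}
// … unchanged: SRVR_multi_client handling and server-exit path …
```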


@ -199,16 +199,12 @@ static void xnet_log_error(int source_line_num, const char* err_msg, ULONG err_c
* Error logging when port isn;t yet allocated
*
**************************************/
char err_msg_buff[BUFFER_SMALL];
if (err_code)
sprintf(err_msg_buff, "XNET error (xnet:%d) %s Win32 error = %"ULONGFORMAT"\n",
gds__log("XNET error (xnet:%d) %s Win32 error = %"ULONGFORMAT"\n",
source_line_num, err_msg, err_code);
else
sprintf(err_msg_buff, "XNET error (xnet:%d) %s\n",
gds__log("XNET error (xnet:%d) %s\n",
source_line_num, err_msg);
gds__log(err_msg_buff);
}
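Review bot: Both xnet_log_error branches now rely on gds__log to match `%d`, `%s` and `ULONGFORMAT` against `source_line_num`, `err_msg` and `err_code`, with no compiler help unless its declaration is annotated; that declaration is not part of this page. Where the compiler supports it, marking gds__log with a printf-style format attribute (GCC/Clang: `__attribute__((format(printf, 1, 2)))`) would let every call converted by this commit be checked at build time. The header comment in the context lines also has a typo, `isn;t` for `isn't`.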