mirror of
https://github.com/FirebirdSQL/firebird.git
synced 2025-01-23 23:23:04 +01:00
backported security fix
This commit is contained in:
parent
a3cf262bb9
commit
df0c22e2d4
@ -658,39 +658,32 @@ rem_port* INET_connect(const TEXT* name,
|
||||
ISC_tcp_setup(ISC_wait, gds__completion_ast);
|
||||
#endif
|
||||
|
||||
const TEXT* protocol = NULL;
|
||||
TEXT temp[BUFFER_TINY];
|
||||
Firebird::string host;
|
||||
Firebird::string protocol;
|
||||
|
||||
if (name) {
|
||||
strncpy(temp, name, sizeof(temp));
|
||||
temp[sizeof(temp) - 1] = 0;
|
||||
for (TEXT* p = temp; *p;) {
|
||||
if (*p++ == '/') {
|
||||
p[-1] = 0;
|
||||
name = temp;
|
||||
protocol = p;
|
||||
break;
|
||||
}
|
||||
host = name;
|
||||
const size_t pos = host.find("/");
|
||||
if (pos != Firebird::string::npos) {
|
||||
protocol = host.substr(pos + 1);
|
||||
host = host.substr(0, pos);
|
||||
}
|
||||
}
|
||||
|
||||
if (name && *name) {
|
||||
if (host.hasData()) {
|
||||
if (port->port_connection) {
|
||||
ALLR_free(port->port_connection);
|
||||
}
|
||||
port->port_connection = REMOTE_make_string(name);
|
||||
port->port_connection = REMOTE_make_string(host.c_str());
|
||||
}
|
||||
else {
|
||||
name = port->port_host->str_data;
|
||||
host = port->port_host->str_data;
|
||||
}
|
||||
|
||||
if (!protocol) {
|
||||
if (protocol.isEmpty()) {
|
||||
const unsigned short port2 = Config::getRemoteServicePort();
|
||||
if (port2) {
|
||||
// EKU: since temp is 128 byte long, the port number will always
|
||||
// fit into the buffer, hence snprintf replaced with sprintf
|
||||
sprintf(temp, "%hu", port2);
|
||||
protocol = temp;
|
||||
protocol.printf("%hu", port2);
|
||||
}
|
||||
else {
|
||||
protocol = Config::getRemoteServiceName();
|
||||
@ -704,7 +697,7 @@ rem_port* INET_connect(const TEXT* name,
|
||||
|
||||
#ifdef VMS
|
||||
/* V M S */
|
||||
if (getservport(protocol, "tcp", &address.sin_port) == -1) {
|
||||
if (getservport(protocol.c_str(), "tcp", &address.sin_port) == -1) {
|
||||
inet_error(port, "getservbyname", isc_net_connect_err, 0);
|
||||
disconnect(port);
|
||||
return NULL;
|
||||
@ -761,7 +754,7 @@ rem_port* INET_connect(const TEXT* name,
|
||||
|
||||
THREAD_EXIT();
|
||||
|
||||
const struct servent* service = getservbyname(protocol, "tcp");
|
||||
const struct servent* service = getservbyname(protocol.c_str(), "tcp");
|
||||
#ifdef WIN_NT
|
||||
/* On Windows NT/9x, getservbyname can only accomodate
|
||||
* 1 call at a time. In this case it returns the error
|
||||
@ -772,7 +765,7 @@ rem_port* INET_connect(const TEXT* name,
|
||||
if (!service) {
|
||||
if (H_ERRNO == INET_RETRY_ERRNO) {
|
||||
for (int retry = 0; retry < INET_RETRY_CALL; retry++) {
|
||||
if ( (service = getservbyname(protocol, "tcp")) )
|
||||
if ( (service = getservbyname(protocol.c_str(), "tcp")) )
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -789,7 +782,7 @@ rem_port* INET_connect(const TEXT* name,
|
||||
for zero-installation clients.
|
||||
*/
|
||||
if (!service) {
|
||||
if (strcmp(protocol, FB_SERVICE_NAME) == 0) {
|
||||
if (protocol == FB_SERVICE_NAME) {
|
||||
/* apply hardwired translation */
|
||||
address.sin_port = htons(FB_SERVICE_PORT);
|
||||
}
|
||||
@ -800,7 +793,7 @@ rem_port* INET_connect(const TEXT* name,
|
||||
* let's see whether this is a port number
|
||||
* instead of a service name
|
||||
*/
|
||||
address.sin_port = htons(atoi(protocol));
|
||||
address.sin_port = htons(atoi(protocol.c_str()));
|
||||
}
|
||||
|
||||
if (address.sin_port == 0)
|
||||
@ -820,7 +813,7 @@ rem_port* INET_connect(const TEXT* name,
|
||||
isc_arg_gds,
|
||||
isc_service_unknown,
|
||||
isc_arg_string,
|
||||
protocol, isc_arg_string, "tcp", 0);
|
||||
protocol.c_str(), isc_arg_string, "tcp", 0);
|
||||
return NULL;
|
||||
} /* else / not hardwired gds_db translation */
|
||||
}
|
||||
|
@ -953,17 +953,12 @@ ISC_STATUS GDS_DATABASE_INFO(ISC_STATUS* user_status,
|
||||
{
|
||||
rem_port* port = rdb->rdb_port;
|
||||
|
||||
/* two bytes too much allocated, better safe than sorry */
|
||||
const size_t nLen = strlen(GDS_VERSION) +
|
||||
strlen(port->port_version->str_data) + 4;
|
||||
char* version = (char*)ALLR_alloc(nLen);
|
||||
|
||||
sprintf(version, "%s/%s", GDS_VERSION, port->port_version->str_data);
|
||||
Firebird::string version;
|
||||
version.printf("%s/%s", GDS_VERSION, port->port_version->str_data);
|
||||
|
||||
MERGE_database_info(temp_buffer, (UCHAR *) buffer, buffer_length,
|
||||
IMPLEMENTATION, 3, 1, (UCHAR*)version,
|
||||
IMPLEMENTATION, 3, 1, (UCHAR*)(version.c_str()),
|
||||
(UCHAR *) port->port_host->str_data, 0);
|
||||
ALLR_free(version);
|
||||
}
|
||||
|
||||
if (temp_buffer != temp) {
|
||||
|
@ -692,11 +692,11 @@ static bool accept_connection(rem_port* port,
|
||||
|
||||
/* and modify the version string to reflect the chosen protocol */
|
||||
|
||||
TEXT buffer[64];
|
||||
sprintf(buffer, "%s/P%d", port->port_version->str_data,
|
||||
port->port_protocol);
|
||||
Firebird::string buffer;
|
||||
buffer.printf("%s/P%d", port->port_version->str_data,
|
||||
port->port_protocol);
|
||||
ALLR_free(port->port_version);
|
||||
port->port_version = REMOTE_make_string(buffer);
|
||||
port->port_version = REMOTE_make_string(buffer.c_str());
|
||||
|
||||
if (architecture == ARCHITECTURE)
|
||||
port->port_flags |= PORT_symmetric;
|
||||
@ -2719,12 +2719,11 @@ ISC_STATUS rem_port::info(P_OP op, P_INFO * stuff, PACKET* sendL)
|
||||
stuff->p_info_buffer_length /*sizeof (temp)*/,
|
||||
reinterpret_cast<char*>(temp_buffer) /*temp*/);
|
||||
if (!status_vector[1]) {
|
||||
TEXT version[256];
|
||||
sprintf(version, "%s/%s", GDS_VERSION,
|
||||
this->port_version->str_data);
|
||||
Firebird::string version;
|
||||
version.printf("%s/%s", GDS_VERSION, this->port_version->str_data);
|
||||
MERGE_database_info(temp_buffer /*temp*/, buffer, stuff->p_info_buffer_length,
|
||||
IMPLEMENTATION, 4, 1,
|
||||
reinterpret_cast<const UCHAR*>(version),
|
||||
reinterpret_cast<const UCHAR*>(version.c_str()),
|
||||
reinterpret_cast<UCHAR*>(this->port_host->str_data),
|
||||
0);
|
||||
}
|
||||
@ -3140,7 +3139,6 @@ bool process_packet(rem_port* port,
|
||||
* sent.
|
||||
*
|
||||
**************************************/
|
||||
TEXT msg[128];
|
||||
trdb thd_context(port->port_status_vector);
|
||||
// BRS: This is the same as REM_set_thread_data
|
||||
trdb* tdrdb = &thd_context;
|
||||
@ -3154,19 +3152,15 @@ bool process_packet(rem_port* port,
|
||||
if (!accept_connection(port, &receive->p_cnct, sendL)) {
|
||||
rem_str* string = port->port_user_name;
|
||||
if (string) {
|
||||
sprintf(msg,
|
||||
"SERVER/process_packet: connection rejected for %*.*s",
|
||||
gds__log("SERVER/process_packet: connection rejected for %*.*s",
|
||||
string->str_length, string->str_length,
|
||||
string->str_data);
|
||||
gds__log(msg, 0);
|
||||
}
|
||||
if (port->port_server->srvr_flags & SRVR_multi_client) {
|
||||
port->port_state = state_broken;
|
||||
}
|
||||
else {
|
||||
gds__log
|
||||
("SERVER/process_packet: connect reject, server exiting",
|
||||
0);
|
||||
gds__log("SERVER/process_packet: connect reject, server exiting");
|
||||
ThreadData::restoreSpecific();
|
||||
return false;
|
||||
}
|
||||
@ -3375,9 +3369,8 @@ bool process_packet(rem_port* port,
|
||||
break;
|
||||
|
||||
default:
|
||||
sprintf(msg, "SERVER/process_packet: don't understand packet type %d",
|
||||
gds__log("SERVER/process_packet: don't understand packet type %d",
|
||||
receive->p_operation);
|
||||
gds__log(msg, 0);
|
||||
port->port_state = state_broken;
|
||||
break;
|
||||
}
|
||||
|
@ -199,16 +199,12 @@ static void xnet_log_error(int source_line_num, const char* err_msg, ULONG err_c
|
||||
* Error logging when port isn;t yet allocated
|
||||
*
|
||||
**************************************/
|
||||
char err_msg_buff[BUFFER_SMALL];
|
||||
|
||||
if (err_code)
|
||||
sprintf(err_msg_buff, "XNET error (xnet:%d) %s Win32 error = %"ULONGFORMAT"\n",
|
||||
gds__log("XNET error (xnet:%d) %s Win32 error = %"ULONGFORMAT"\n",
|
||||
source_line_num, err_msg, err_code);
|
||||
else
|
||||
sprintf(err_msg_buff, "XNET error (xnet:%d) %s\n",
|
||||
gds__log("XNET error (xnet:%d) %s\n",
|
||||
source_line_num, err_msg);
|
||||
|
||||
gds__log(err_msg_buff);
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user