aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Chochol <[email protected]>2018-12-19 08:02:03 +0100
committerJan Chochol <[email protected]>2018-12-19 08:05:46 +0100
commit75ae8bc8efa94103d68cb203c1e81088f9c38d32 (patch)
treebd2591180b358d282c101a81e43d01f720cf4cd0
parent7cb403e4aa044fd2cc7702dbe8e2d0eea68e81f3 (diff)
downloadotp-75ae8bc8efa94103d68cb203c1e81088f9c38d32.tar.gz
otp-75ae8bc8efa94103d68cb203c1e81088f9c38d32.tar.bz2
otp-75ae8bc8efa94103d68cb203c1e81088f9c38d32.zip
odbc: Fix stack corruption in get_diagnos in odbcserver
SQLGetDiagRec can fill output buffer and return SQL_SUCCESS_WITH_INFO. In that case we can not use strcat on diagnos.error_msg as it will write outside allocated space. Correctly set acc_errmsg_size in such case. See also ERL-808 at bugs.erlang.org.
-rw-r--r--lib/odbc/c_src/odbcserver.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/odbc/c_src/odbcserver.c b/lib/odbc/c_src/odbcserver.c
index 6e8ab5b0c8..fe881a211c 100644
--- a/lib/odbc/c_src/odbcserver.c
+++ b/lib/odbc/c_src/odbcserver.c
@@ -2749,6 +2749,11 @@ static diagnos get_diagnos(SQLSMALLINT handleType, SQLHANDLE handle, Boolean ext
errmsg_buffer_size = errmsg_buffer_size - errmsg_size;
acc_errmsg_size = acc_errmsg_size + errmsg_size;
current_errmsg_pos = current_errmsg_pos + errmsg_size;
+ } else if(result == SQL_SUCCESS_WITH_INFO && errmsg_size >= errmsg_buffer_size) {
+ memcpy(diagnos.sqlState, current_sql_state, SQL_STATE_SIZE);
+ diagnos.nativeError = nativeError;
+ acc_errmsg_size = errmsg_buffer_size;
+ break;
} else {
break;
}