aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSergei Golovan <[email protected]>2013-06-27 09:42:57 +0400
committerSergei Golovan <[email protected]>2013-06-27 09:42:57 +0400
commitb8e5024b2d48c5375fa3dd30121724fab9676e99 (patch)
tree26072ead9246f482d9f338243c54ec8278a06cc6
parent10d93045982fc1477a4dade95d1cc400928fec14 (diff)
downloadotp-b8e5024b2d48c5375fa3dd30121724fab9676e99.tar.gz
otp-b8e5024b2d48c5375fa3dd30121724fab9676e99.tar.bz2
otp-b8e5024b2d48c5375fa3dd30121724fab9676e99.zip
Added a few input checks which prevent odbcserver crash if it's executed
and supplied incorrect data to stdin. A crash example: echo -en "\x0\x0\x0\x1\x0" | ./odbcserver
-rw-r--r--lib/odbc/c_src/odbcserver.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/odbc/c_src/odbcserver.c b/lib/odbc/c_src/odbcserver.c
index 5730e20774..8de81a30ae 100644
--- a/lib/odbc/c_src/odbcserver.c
+++ b/lib/odbc/c_src/odbcserver.c
@@ -277,11 +277,15 @@ int main(void)
msg = receive_erlang_port_msg();
temp = strtok(msg, ";");
+ if (temp == NULL)
+ DO_EXIT(EXIT_STDIN_BODY);
length = strlen(temp);
supervisor_port = safe_malloc(length + 1);
strcpy(supervisor_port, temp);
temp = strtok(NULL, ";");
+ if (temp == NULL)
+ DO_EXIT(EXIT_STDIN_BODY);
length = strlen(temp);
odbc_port = safe_malloc(length + 1);
strcpy(odbc_port, temp);
@@ -1819,12 +1823,20 @@ static byte * receive_erlang_port_msg(void)
len |= lengthstr[i];
}
+ if (len <= 0 || len > 1024) {
+ DO_EXIT(EXIT_STDIN_HEADER);
+ }
+
buffer = (byte *)safe_malloc(len);
if (read_exact(buffer, len) <= 0) {
DO_EXIT(EXIT_STDIN_BODY);
}
+ if (buffer[len-1] != '\0') {
+ DO_EXIT(EXIT_STDIN_BODY);
+ }
+
return buffer;
}