From 75ae8bc8efa94103d68cb203c1e81088f9c38d32 Mon Sep 17 00:00:00 2001
From: Jan Chochol
Date: Wed, 19 Dec 2018 08:02:03 +0100
Subject: odbc: Fix stack corruption in get_diagnos in odbcserver SQLGetDiagRec can fill output buffer and return SQL_SUCCESS_WITH_INFO. In that case we can not use strcat on diagnos.error_msg as it will write outside allocated space. Correctly set acc_errmsg_size in such case. See also ERL-808 at bugs.erlang.org.
---
 lib/odbc/c_src/odbcserver.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/lib/odbc/c_src/odbcserver.c b/lib/odbc/c_src/odbcserver.c
index 6e8ab5b0c8..fe881a211c 100644
--- a/lib/odbc/c_src/odbcserver.c
+++ b/lib/odbc/c_src/odbcserver.c
@@ -2749,6 +2749,11 @@ static diagnos get_diagnos(SQLSMALLINT handleType, SQLHANDLE handle, Boolean ext
 errmsg_buffer_size = errmsg_buffer_size - errmsg_size;
 acc_errmsg_size = acc_errmsg_size + errmsg_size;
 current_errmsg_pos = current_errmsg_pos + errmsg_size;
+ } else if(result == SQL_SUCCESS_WITH_INFO && errmsg_size >= errmsg_buffer_size) {
+ memcpy(diagnos.sqlState, current_sql_state, SQL_STATE_SIZE);
+ diagnos.nativeError = nativeError;
+ acc_errmsg_size = errmsg_buffer_size;
+ break;
 } else {
 break;
 }
-- cgit v1.2.3
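Review bot: The guard on the new branch, `errmsg_size >= errmsg_buffer_size`, only holds if the driver reports the full untruncated message length. A driver that returns SQL_SUCCESS_WITH_INFO but reports the number of bytes it actually copied still falls through to the final `else` with `acc_errmsg_size` possibly 0, which looks like the state behind the out-of-bounds strcat described in the commit message. Treating every SQL_SUCCESS_WITH_INFO as truncation would be more robust: `} else if(result == SQL_SUCCESS_WITH_INFO) {`. Separately, `acc_errmsg_size = errmsg_buffer_size;` overwrites the running total with the remaining free space instead of adding to it. That is harmless only if the value is later just tested against zero, so a comment such as `/* message truncated, buffer full: only needs to be non-zero */` would make that intent explicit. The loop and the later use of `acc_errmsg_size` are outside this hunk, so both points should be confirmed against the rest of get_diagnos.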