From b8e5024b2d48c5375fa3dd30121724fab9676e99 Mon Sep 17 00:00:00 2001
From: Sergei Golovan <sgolovan@gmail.com>
Date: Thu, 27 Jun 2013 09:42:57 +0400
Subject: Added a few input checks which prevent odbcserver crash if it's
 executed and supplied incorrect data to stdin. A crash example:

echo -en "\x0\x0\x0\x1\x0" | ./odbcserver
---
 lib/odbc/c_src/odbcserver.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'lib')

diff --git a/lib/odbc/c_src/odbcserver.c b/lib/odbc/c_src/odbcserver.c
index 5730e20774..8de81a30ae 100644
--- a/lib/odbc/c_src/odbcserver.c
+++ b/lib/odbc/c_src/odbcserver.c
@@ -277,11 +277,15 @@ int main(void)
     msg = receive_erlang_port_msg();
 
     temp = strtok(msg, ";");
+    if (temp == NULL)
+	DO_EXIT(EXIT_STDIN_BODY);
     length = strlen(temp);
     supervisor_port = safe_malloc(length + 1);
     strcpy(supervisor_port, temp);
 
     temp = strtok(NULL, ";");
+    if (temp == NULL)
+	DO_EXIT(EXIT_STDIN_BODY);
     length = strlen(temp);
     odbc_port = safe_malloc(length + 1);
     strcpy(odbc_port, temp);
@@ -1819,12 +1823,20 @@ static byte * receive_erlang_port_msg(void)
 	len |= lengthstr[i];
     }
     
+    if (len <= 0 || len > 1024) {
+	DO_EXIT(EXIT_STDIN_HEADER);
+    }
+
     buffer = (byte *)safe_malloc(len);
     
     if (read_exact(buffer, len) <= 0) {
 	DO_EXIT(EXIT_STDIN_BODY);
     }
 
+    if (buffer[len-1] != '\0') {
+	DO_EXIT(EXIT_STDIN_BODY);
+    }
+
     return buffer;
 }
  
-- 
cgit v1.2.3