From 47c305684aa42f683068bf82cfd0763db7176a12 Mon Sep 17 00:00:00 2001 From: yanghaoran Date: Fri, 26 Nov 2021 14:27:35 +0800 Subject: [PATCH] add null_dereference_check.patch and revise unixODBC.spec --- null_dereference_check.patch | 77 ++++++++++++++++++++++++++++++++++++ unixODBC.spec | 6 ++- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 null_dereference_check.patch diff --git a/null_dereference_check.patch b/null_dereference_check.patch new file mode 100644 index 0000000..4a37061 --- /dev/null +++ b/null_dereference_check.patch @@ -0,0 +1,77 @@ +diff -rNu unixODBC-2.3.9/DriverManager/SQLGetDiagField.c unixODBC-new/DriverManager/SQLGetDiagField.c +--- unixODBC-2.3.9/DriverManager/SQLGetDiagField.c 2018-10-24 21:31:50.000000000 +0800 ++++ unixODBC-new/DriverManager/SQLGetDiagField.c 2021-11-26 11:28:53.723787747 +0800 +@@ -701,12 +701,16 @@ + { + strcpy( diag_info_ptr, str ); + } +- else ++ else if (buffer_length > 0) + { + ret = SQL_SUCCESS_WITH_INFO; + memcpy( diag_info_ptr, str, buffer_length - 1 ); + (( char * ) diag_info_ptr )[ buffer_length - 1 ] = '\0'; + } ++ else ++ { ++ return SQL_ERROR; ++ } + } + if ( string_length_ptr ) + { +diff -rNu unixODBC-2.3.9/DriverManager/SQLGetStmtAttr.c unixODBC-new/DriverManager/SQLGetStmtAttr.c +--- unixODBC-2.3.9/DriverManager/SQLGetStmtAttr.c 2019-05-21 01:46:10.000000000 +0800 ++++ unixODBC-new/DriverManager/SQLGetStmtAttr.c 2021-11-26 11:30:02.537064385 +0800 +@@ -188,6 +188,10 @@ + SQLRETURN ret; + SQLCHAR s1[ 100 + LOG_MESSAGE_LEN ]; + ++ if (value == NULL) { ++ return SQL_ERROR; ++ } ++ + /* + * check statement + */ +diff -rNu unixODBC-2.3.9/DriverManager/SQLGetStmtOption.c unixODBC-new/DriverManager/SQLGetStmtOption.c +--- unixODBC-2.3.9/DriverManager/SQLGetStmtOption.c 2018-10-24 21:34:27.000000000 +0800 ++++ unixODBC-new/DriverManager/SQLGetStmtOption.c 2021-11-26 11:30:43.685827785 +0800 +@@ -132,6 +132,10 @@ + * check statement + */ + ++ if (value == NULL) { ++ return SQL_ERROR; ++ } ++ + if ( !__validate_stmt( statement )) + { + dm_log_write( __FILE__, +diff -rNu unixODBC-2.3.9/DriverManager/SQLParamOptions.c unixODBC-new/DriverManager/SQLParamOptions.c +--- unixODBC-2.3.9/DriverManager/SQLParamOptions.c 2018-05-30 17:24:07.000000000 +0800 ++++ unixODBC-new/DriverManager/SQLParamOptions.c 2021-11-26 11:31:39.094855745 +0800 +@@ -141,6 +141,10 @@ + * check statement + */ + ++ if (statement -> connection -> driver_act_ver != SQL_OV_ODBC2) { ++ return SQL_ERROR; ++ } ++ + if ( !__validate_stmt( statement )) + { + dm_log_write( __FILE__, +diff -rNu unixODBC-2.3.9/DriverManager/SQLRowCount.c unixODBC-new/DriverManager/SQLRowCount.c +--- unixODBC-2.3.9/DriverManager/SQLRowCount.c 2018-05-30 17:24:07.000000000 +0800 ++++ unixODBC-new/DriverManager/SQLRowCount.c 2021-11-26 11:32:24.967706787 +0800 +@@ -139,6 +139,10 @@ + SQLRETURN ret; + SQLCHAR s1[ 100 + LOG_MESSAGE_LEN ]; + ++ if (!rowcount) { ++ return SQL_ERROR; ++ } ++ + /* + * check statement + */ diff --git a/unixODBC.spec b/unixODBC.spec index d98db19..f08f2d4 100644 --- a/unixODBC.spec +++ b/unixODBC.spec @@ -1,11 +1,12 @@ Name: unixODBC Version: 2.3.9 -Release: 1 +Release: 2 Summary: Open-source project that implements the ODBC API License: GPLv2+ and LGPLv2+ URL: http://www.unixODBC.org/ Source: http://www.unixODBC.org/%{name}-%{version}.tar.gz Source1: odbcinst.ini +Patch0000: null_dereference_check.patch Conflicts: iodbc BuildRequires: automake autoconf libtool libtool-ltdl-devel bison flex readline-devel @@ -88,6 +89,9 @@ find doc -name 'Makefile*' | xargs rm %exclude %{_datadir}/libtool %changelog +* Fri Nov 26 2021 Haoran Yang - 2.3.9-2 +- add null_dereference_check.patch + * Thu Nov 25 2021 Haoran Yang - 2.3.9-1 - update unixODBC from version 2.3.7 to 2.3.9 and delete old patches -- Gitee