CLI may only copy data for null terminated values
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Trafodion |
Fix Released
|
High
|
Cliff Gray |
Bug Description
The CLI interface, ExeCliInterface
The suspicious code is in ExeCliInterface
if ((outputBuf) &&
(
{
*outputBufLen = 0;
if (retcode != 100)
{
if (nullTerminate)
{
char * ptr;
Lng32 len;
}
else
*outputBufLen = outputDatalen_;
}
}
Perhaps the get and copy code should be outside the if (nullTerminate) block.
Queries that result in data not being copied unless nullTerminate is set to true include:
SELECT MAX(columnName) FROM table [WHERE condition];
For called to executeImmediate where the value is not a null-terminated string, passing true for the parameter nullTerminate results in a null/zero being placed in the byte of a variable on the stack near the passed outputBuf. A workaround is to declare dummy variables around the passed outputBuf.
tags: | added: sql-exe |
Changed in trafodion: | |
assignee: | nobody → Sandhya Sundaresan (sandhya-sundaresan) |
importance: | Undecided → High |
Changed in trafodion: | |
assignee: | Sandhya Sundaresan (sandhya-sundaresan) → Cliff Gray (cliff-gray) |
status: | New → In Progress |
milestone: | none → r0.9 |
milestone: | r0.9 → r1.0 |
Changed in trafodion: | |
status: | Fix Committed → Fix Released |
The CLI code that was doing the memory overwrite was fixed. 2345fe418172c61 96b25a20b33
Corresponding kludges were removed in the security code that worked around the original problem and were fixed in Change-Id: If7538eee38178c