[firebird/epel7] security fix firebird CORE-4630
Philippe Makowski
makowski at fedoraproject.org
Sun Dec 7 17:15:16 UTC 2014
commit b35b5a9154c2848d3bff5befb5f2c609a799d7b7
Author: Philippe Makowski <pmakowski at espelida.com>
Date: Sun Dec 7 18:14:46 2014 +0100
security fix firebird CORE-4630
firebird.spec | 8 +++++-
firebird_fix_CORE-4630.patch | 44 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+), 2 deletions(-)
---
diff --git a/firebird.spec b/firebird.spec
index d8bd477..cc5dc7f 100644
--- a/firebird.spec
+++ b/firebird.spec
@@ -6,7 +6,7 @@
Summary: SQL relational database management system
Name: firebird
Version: 2.5.3.26778.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Group: Applications/Databases
License: Interbase
@@ -23,7 +23,7 @@ Source6: firebird-superclassic.service
Source7: firebird-superserver.service
# from upstream
-
+Patch0: firebird_fix_CORE-4630.patch
Patch2: firebird-btyacc-fpie.patch
Patch3: firebird-aarch64.patch
@@ -158,6 +158,7 @@ Multi-process, local client libraries for Firebird SQL RDBMS
%prep
%setup -q -n %{pkgname}
+%patch0 -p0
%patch2
%patch3
# convert intl character to UTF-8
@@ -520,6 +521,9 @@ fi
%changelog
+* Sun Dec 7 2014 Philippe Makowski <makowski at fedoraproject.org> 2.5.3.26778.0-2
+- security fix firebird CORE-4630
+
* Sat Jul 26 2014 Philippe Makowski <makowski at fedoraproject.org> - 2.5.3.26778.0-1
- update from upstream 2.5.3
- update arm64 patch
diff --git a/firebird_fix_CORE-4630.patch b/firebird_fix_CORE-4630.patch
new file mode 100644
index 0000000..77dbe5c
--- /dev/null
+++ b/firebird_fix_CORE-4630.patch
@@ -0,0 +1,44 @@
+Index: src/remote/protocol.cpp
+===================================================================
+--- src/remote/protocol.cpp (.../R2_5_3) (revision 60338)
++++ src/remote/protocol.cpp (.../R2_5_3_Upd_1) (revision 60338)
+@@ -398,6 +398,8 @@
+ MAP(xdr_short, reinterpret_cast<SSHORT&>(response->p_resp_object));
+ MAP(xdr_quad, response->p_resp_blob_id);
+ MAP(xdr_cstring, response->p_resp_data);
++ if (!response->p_resp_status_vector) // incorrectly called - packet not prepared
++ return P_FALSE(xdrs, p);
+ return xdr_status_vector(xdrs, response->p_resp_status_vector) ?
+ P_TRUE(xdrs, p) : P_FALSE(xdrs, p);
+
+@@ -1652,9 +1654,12 @@
+
+ SLONG vec;
+ SCHAR* sp = NULL;
++ ISC_STATUS* const end = &vector[ISC_STATUS_LENGTH];
+
+ while (true)
+ {
++ if (vector >= end)
++ return FALSE;
+ if (xdrs->x_op == XDR_ENCODE)
+ vec = (SLONG) * vector++;
+ if (!xdr_long(xdrs, &vec))
+@@ -1670,6 +1675,8 @@
+ case isc_arg_interpreted:
+ case isc_arg_string:
+ case isc_arg_sql_state:
++ if (vector >= end)
++ return FALSE;
+ if (xdrs->x_op == XDR_ENCODE)
+ {
+ if (!xdr_wrapstring(xdrs, reinterpret_cast<SCHAR**>(vector++)))
+@@ -1700,6 +1707,8 @@
+
+ case isc_arg_number:
+ default:
++ if (vector >= end)
++ return FALSE;
+ if (xdrs->x_op == XDR_ENCODE)
+ vec = (SLONG) * vector++;
+ if (!xdr_long(xdrs, &vec))
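Review bot: The null guard for `p_resp_status_vector` is added only at the response call site (inner hunk at line 398), so any other caller that hands `xdr_status_vector` a null pointer would presumably still reach `&vector[ISC_STATUS_LENGTH]` and the dereferences that follow. The start of `xdr_status_vector` lies outside these hunks, so confirm it has no guard of its own; if it does not, `if (!vector) return FALSE;` at the top of the function would cover every caller. The new `end` bound is also only correct if every caller's buffer really holds `ISC_STATUS_LENGTH` entries, which is worth stating next to the declaration, e.g. `// every caller must pass a buffer of ISC_STATUS_LENGTH entries`. Because the three `vector >= end` checks sit ahead of the `XDR_ENCODE` test, they also bound the decode path, where the element count is driven by the peer; a short comment saying so would keep a later refactor from moving them into the encode branch.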