[asterisk-bugs] [JIRA] (ASTERISK-26873) realtime_odbc: heap-buffer-overflow in SQLGetData
Badalian Vyacheslav (JIRA)
noreply at issues.asterisk.org
Tue Mar 14 18:18:10 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-26873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=235828#comment-235828 ]
Badalian Vyacheslav edited comment on ASTERISK-26873 at 3/14/17 6:17 PM:
-------------------------------------------------------------------------
Crash in the MySQL ODBC driver here:
/usr/src/debug/mysql-connector-odbc-5.3.7-src/driver/results.c:1508
{code}
1505 /* catalog functions with "fake" results won't have lengths */
1506 length= irrec->row.datalen;
1507 if (!length && stmt->current_values[sColNum])
1508 length= strlen(stmt->current_values[sColNum]);
{code}
{code}
(gdb) p sColNum
$48 = 14
{code}
If I do {{p strlen(stmt->current_values[sColNum])}} it crashes.
> realtime_odbc: heap-buffer-overflow in SQLGetData
> -------------------------------------------------
>
> Key: ASTERISK-26873
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26873
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Reporter: Badalian Vyacheslav
> Severity: Minor
> Attachments: bt.txt
>
>
> {code}
> =================================================================
> ==16938==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000160975 at pc 0x7fbb2500bff3 bp 0x7fbae98966b0 sp 0x7fbae9895e58
> READ of size 22 at 0x606000160975 thread T153
> #0 0x7fbb2500bff2 (/lib64/libasan.so.3+0x3cff2)
> #1 0x7fbb1a2fbee5 in SQLGetData (/usr/lib64/libmyodbc5a.so+0x5fee5)
> #2 0x7fbb1b544d66 in SQLGetData (/lib64/libodbc.so.2+0x19d66)
> #3 0x7fbb13913ec6 in realtime_odbc /home/pbs.vbadalyan/asterisk-13.14.0/res/res_config_odbc.c:261
> #4 0x5a6c6f in ast_load_realtime_all_fields /home/pbs.vbadalyan/asterisk-13.14.0/main/config.c:3257
> #5 0x5a76db in ast_load_realtime_fields /home/pbs.vbadalyan/asterisk-13.14.0/main/config.c:3291
> #6 0x5a76db in ast_load_realtime /home/pbs.vbadalyan/asterisk-13.14.0/main/config.c:3340
> #7 0x7fbaef2e21a4 in realtime_peer_by_name /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:5439
> #8 0x7fbaef2e21a4 in realtime_peer /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:5626
> #9 0x7fbaef2e21a4 in sip_find_peer_full /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:5741
> #10 0x7fbaef2e2e68 in sip_find_peer /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:5780
> #11 0x7fbaef3412ff in register_verify /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:17628
> #12 0x7fbaef345fee in handle_request_register /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:28467
> #13 0x7fbaef345fee in handle_incoming /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:28775
> #14 0x7fbaef34ac4a in handle_request_do /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:28943
> #15 0x7fbaef34e10e in sip_websocket_callback /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:2659
> #16 0x7fbb0d13abf4 in __ast_websocket_uri_cb /home/pbs.vbadalyan/asterisk-13.14.0/res/res_http_websocket.c:905
> #17 0x63cb05 in handle_uri /home/pbs.vbadalyan/asterisk-13.14.0/main/http.c:1482
> #18 0x63cb05 in httpd_process_request /home/pbs.vbadalyan/asterisk-13.14.0/main/http.c:1906
> #19 0x63d599 in httpd_helper_thread /home/pbs.vbadalyan/asterisk-13.14.0/main/http.c:1993
> #20 0x7930cf in handle_tcptls_connection /home/pbs.vbadalyan/asterisk-13.14.0/main/tcptls.c:742
> #21 0x7b212f in dummy_start /home/pbs.vbadalyan/asterisk-13.14.0/main/utils.c:1235
> #22 0x7fbb22e83dc4 in start_thread (/lib64/libpthread.so.0+0x7dc4)
> #23 0x7fbb2216373c in clone (/lib64/libc.so.6+0xf773c)
> {code}
> Same effect with mysql-connector-odbc-5.3.7-1.el7.x86_64 and mysql-connector-odbc-5.3.6-1.el7.x86_64
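The quoted results.c lines fall back to strlen() when no length was recorded, and the AddressSanitizer report shows a read past a heap allocation inside SQLGetData. The following is an added example, not code from this report, from Asterisk or from the MySQL ODBC driver: it shows that fallback pattern beside a bounded variant. The struct column_value, its capacity field and both function names are hypothetical, and it assumes the column value is not NUL-terminated, which the report does not confirm.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one fetched column (not the driver's real types). */
struct column_value {
    const char *data;  /* value bytes; may lack a trailing NUL */
    size_t datalen;    /* length recorded by the fetch, 0 if none was recorded */
    size_t capacity;   /* bytes actually allocated behind data */
};

/* Fallback pattern as in the quoted lines: trust strlen() when datalen is 0.
 * If data has no NUL inside its allocation, strlen() reads past the end. */
size_t length_unbounded(const struct column_value *c)
{
    size_t length = c->datalen;
    if (!length && c->data)
        length = strlen(c->data);
    return length;
}

/* Bounded variant: the scan for NUL never leaves the allocation, and a
 * recorded length larger than the allocation is clamped to it. */
size_t length_bounded(const struct column_value *c)
{
    size_t length = c->datalen;
    if (!length && c->data) {
        const char *nul = memchr(c->data, '\0', c->capacity);
        length = nul ? (size_t)(nul - c->data) : c->capacity;
    }
    return length < c->capacity ? length : c->capacity;
}

int main(void)
{
    /* Constructed sample: 5 heap bytes with no terminator, no recorded length. */
    char *buf = malloc(5);
    if (!buf)
        return 1;
    memcpy(buf, "hello", 5);
    struct column_value col = { buf, 0, 5 };

    /* length_unbounded(&col) would over-read here; it is deliberately not called. */
    printf("bounded length: %zu\n", length_bounded(&col));
    free(buf);
    return 0;
}
```

Building the unbounded call against the same sample with -fsanitize=address yields a heap-buffer-overflow READ in the strlen interceptor, the same class of report as the trace quoted above.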