mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-27 03:44:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.4'

Browse Source 
* PHP-8.4:
  Fix GH-16450: PDO_ODBC can inject garbage into field values
This commit is contained in:
Christoph M. Becker 2024-10-31 16:18:25 +01:00
commit 94ac1cd1df
No known key found for this signature in database
GPG Key ID: D66C9593118BCCB6
3 changed files with 39 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ext/pdo_odbc/odbc_stmt.c
View File

@ -689,11 +689,12 @@ static int odbc_stmt_get_col(pdo_stmt_t *stmt, int colno, zval *result, enum pdo
/* read block. 256 bytes => 255 bytes are actually read, the last 1 is NULL */
rc = SQLGetData(S->stmt, colno+1, C->is_unicode ? SQL_C_BINARY : SQL_C_CHAR, buf2, 256, &C->fetched_len);
/* adjust `used` in case we have length info from the driver */
/* adjust `used` in case we have proper length info from the driver */
if (orig_fetched_len >= 0 && C->fetched_len >= 0) {
SQLLEN fixed_used = orig_fetched_len - C->fetched_len;
ZEND_ASSERT(fixed_used <= used + 1);
used = fixed_used;
if (fixed_used <= used + 1) {
used = fixed_used;
}
}
/* resize output buffer and reassemble block */

35
ext/pdo_odbc/tests/gh16450.phpt Normal file
View File

@ -0,0 +1,35 @@
--TEST--
GH-16450 (PDO_ODBC can inject garbage into field values)
--EXTENSIONS--
pdo_odbc
--SKIPIF--
<?php
$dbpath = __DIR__ . "/test.mdb";
try {
new PDO("odbc:Driver={Microsoft Access Driver (*.mdb, *.accdb)};Dbq=$dbpath;Uid=Admin;Pwd=;");
} catch (PDOException $ex) {
die("skip Cannot connect to MS Access database");
}
?>
--FILE--
<?php
$dbpath = __DIR__ . "/test.mdb";
$pdo = new PDO("odbc:Driver={Microsoft Access Driver (*.mdb, *.accdb)};Dbq=$dbpath;Uid=Admin;Pwd=;");
$pdo->exec("CREATE TABLE gh16450 (Id INT, MyLongText LONGCHAR)");
$pdo->exec(sprintf("INSERT INTO gh16450 VALUES (1, '%s')", str_repeat("_", 2048)));
$pdo->exec(sprintf("INSERT INTO gh16450 VALUES (1, '%s')", str_repeat("_", 2049)));
$stmt = $pdo->query("SELECT MyLongText FROM gh16450");
var_dump($stmt->fetchColumn(0));
var_dump($stmt->fetchColumn(0));
?>
--CLEAN--
<?php
$dbpath = __DIR__ . "/test.mdb";
$pdo = new PDO("odbc:Driver={Microsoft Access Driver (*.mdb, *.accdb)};Dbq=$dbpath;Uid=Admin;Pwd=;");
$pdo->exec("DROP TABLE gh16450");
?>
--EXPECT--
string(2048) "________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________"
string(2049) "_________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________"

BIN
ext/pdo_odbc/tests/test.mdb Normal file
View File

Binary file not shown.