Bug #52885 PDO_DBLIB does not properly quote char(0)
Submitted: 2010-09-19 02:34 UTC
Modified: 2014-01-01 12:48 UTC
From: ssufficool@php.net
Assigned:
Status: Closed
Package: PDO DBlib
PHP Version: 5.3SVN-2010-09-19 (SVN)
OS: Linux
Private report: No
CVE-ID: None
 [2010-09-19 02:34 UTC] ssufficool@php.net
Description:
------------
When using a bound parameter with char(0), the parameter is truncated. This is a possible SQL injection flaw in the dblib quote implementation.

Test script:
---------------
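// $pdo is an existing PDO connection that uses the dblib driver
$stmt = $pdo->prepare("insert into test(image_field) values(?)");
// binary file contents, which contain char(0) bytes
$blob = file_get_contents("test.jpg");
$stmt->execute(array($blob));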

Expected result:
----------------
No error

Actual result:
--------------
invalid statement due to truncation of ASCIIZ string in dblib_handle_quoter
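
The truncation described in this report, as an added C example that is not code from php-src or from the reporter: a quoted value that still contains char(0) is cut short by any consumer that reads the statement as an ASCIIZ string, which leaves an unterminated literal. `SAMPLE`, `quote_raw` and `quote_hex` are hypothetical names, and the 0x hexadecimal literal is an assumed length-aware alternative chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sample: binary data with an embedded 0x00 and a single quote. */
static const char SAMPLE[] = { 'J', 'F', '\0', 'I', '\'', 'F' };

/* Hypothetical quoter (not php-src code): wraps in_len bytes in single
 * quotes and doubles embedded quotes; 0x00 bytes are copied through as-is. */
char *quote_raw(const char *in, size_t in_len, size_t *out_len)
{
    char *out = malloc(2 * in_len + 3), *p = out;
    if (!out) return NULL;
    *p++ = '\'';
    for (size_t i = 0; i < in_len; i++) {
        if (in[i] == '\'') *p++ = '\'';
        *p++ = in[i];
    }
    *p++ = '\'';
    *p = '\0';
    *out_len = (size_t)(p - out);
    return out;
}

/* Hypothetical alternative: hex literal, so no 0x00 or quote byte remains. */
char *quote_hex(const char *in, size_t in_len, size_t *out_len)
{
    static const char digits[] = "0123456789abcdef";
    char *out = malloc(2 * in_len + 3), *p = out;
    if (!out) return NULL;
    *p++ = '0'; *p++ = 'x';
    for (size_t i = 0; i < in_len; i++) {
        *p++ = digits[(unsigned char)in[i] >> 4];
        *p++ = digits[in[i] & 0x0f];
    }
    *p = '\0';
    *out_len = (size_t)(p - out);
    return out;
}

int main(void)
{
    size_t n;
    char *q = quote_raw(SAMPLE, sizeof SAMPLE, &n);
    printf("raw: built %zu bytes, ASCIIZ consumer sees %zu\n", n, strlen(q));
    free(q);
    q = quote_hex(SAMPLE, sizeof SAMPLE, &n);
    printf("hex: %s (%zu of %zu bytes visible)\n", q, strlen(q), n);
    free(q);
}
```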

History

 [2010-09-21 01:04 UTC] ssufficool at gmail dot com
There is a larger issue here to do with Unicode code page conversions and the such.

What really needs to be done is to implement the native dblib parameter bindings to stop the encoding of all parameters as strings which are then interpreted by iconv to the server charset which may not support the full range of characters from 0-255.
 [2014-01-01 12:48 UTC] felipe@php.net
-Package: PDO related +Package: PDO DBlib
 [2014-10-25 03:15 UTC] ssufficool@php.net
Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a1a18fca6e2a1690ea113dc2ebe0e7d22fdc71a0
Log: Fixed Bug #52885 - PDO_DBLIB: Binary data may be truncated
 [2014-10-25 03:15 UTC] ssufficool@php.net
-Status: Open +Status: Closed
 [2014-11-18 20:34 UTC] ab@php.net
Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a1a18fca6e2a1690ea113dc2ebe0e7d22fdc71a0
Log: Fixed Bug #52885 - PDO_DBLIB: Binary data may be truncated
 [2016-07-05 05:39 UTC] chris dot kingslynne at gmail dot com
Hi,

This change has completely broken Unicode _text_ support in pdo_dblib using FreeTDS.  This change causes binary encoded UTF-8 data to be sent to the backend that only accepts UTF-16.  It is quite incompatible with PHP 5.5 behaviour and a major BC break!

Can we please discuss reverting this change?

Chris
 [2016-07-20 11:40 UTC] davey@php.net
Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a1a18fca6e2a1690ea113dc2ebe0e7d22fdc71a0
Log: Fixed Bug #52885 - PDO_DBLIB: Binary data may be truncated
 
Last updated: Mon Nov 30 20:01:27 2020 UTC