PHP :: Bug #52885 :: PDO_DBLIB does not properly quote char(0)

Bug #52885	PDO_DBLIB does not properly quote char(0)
Submitted:	2010-09-19 02:34 UTC	Modified:	2014-01-01 12:48 UTC
From:	ssufficool@php.net	Assigned:
Status:	Closed	Package:	PDO DBlib
PHP Version:	5.3SVN-2010-09-19 (SVN)	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 36 + 34 = ?
Subscribe to this entry?

[2010-09-19 02:34 UTC] ssufficool@php.net

Description:
------------
When using bound parameter with char(0), the parameter is truncated. This is a possible SQL injection flaw in the dblib quote implementation.

Test script:
---------------
$stmt = $pdo->prepare("insert into test(image_field) values(?)");
$blob = file_get_contents("test.jpg");
$stmt->execute(array($blob));

Expected result:
----------------
No error

Actual result:
--------------
invalid statement due to truncation of ASCIIZ string in dblib_handle_quoter

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-09-21 01:04 UTC] ssufficool at gmail dot com

There is a larger issue here to do with unicode code page conversions and the such.

What really needs to be done is to implement the native dblib parameter bindings to stop the encoding of all parameters as strings which are then interpreted by iconv to the server charset which may not suport the full range of characters from 0-255.

[2014-01-01 12:48 UTC] felipe@php.net

-Package: PDO related +Package: PDO DBlib

[2014-10-25 03:15 UTC] ssufficool@php.net

Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a1a18fca6e2a1690ea113dc2ebe0e7d22fdc71a0
Log: Fixed Bug #52885 - PDO_DBLIB: Binary data may be truncated

[2014-10-25 03:15 UTC] ssufficool@php.net

-Status: Open +Status: Closed

[2014-11-18 20:34 UTC] ab@php.net

Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a1a18fca6e2a1690ea113dc2ebe0e7d22fdc71a0
Log: Fixed Bug #52885 - PDO_DBLIB: Binary data may be truncated

[2016-07-05 05:39 UTC] chris dot kingslynne at gmail dot com

Hi,

This change has completely broken Unicode _text_ support in pdo_dblib using FreeTDS.  This change causes binary encoded UTF-8 data to be sent to the backend that only accepts UTF-16.  It is quite incompatible with PHP 5.5 behaviour and a major BC break!

Can we please discuss reverting this change?

Chris

[2016-07-20 11:40 UTC] davey@php.net

Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a1a18fca6e2a1690ea113dc2ebe0e7d22fdc71a0
Log: Fixed Bug #52885 - PDO_DBLIB: Binary data may be truncated

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 16:01:30 2024 UTC