Bug #66071 memory corruption in error handling / isc_interprete is unsafe
Submitted: 2013-11-09 07:02 UTC Modified: 2014-04-08 11:15 UTC
From: slavb18 at gmail dot com Assigned: mariuz
Status: Closed Package: PDO Firebird
PHP Version: 5.4.21 OS: any
Private report: No CVE-ID:
 [2013-11-09 07:02 UTC] slavb18 at gmail dot com
Description:
------------
isc_interprete is unsafe, it should be replaced with fb_interpret

Test script:
---------------
CREATE EXCEPTION D_ACCESS_DENIED 'access denied';
create or alter procedure testex2
returns (
    a integer)
as
begin
  exception D_ACCESS_DENIED 'YXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
  a=1;
  suspend;
end

<?php
// $pdo is an already-open PDO connection (pdo_firebird) to the database that holds testex2
$q="select * from testex2";
$sth=$pdo->prepare($q);
$sth->execute();
$row=$sth->fetch(PDO::FETCH_ASSOC);
print_r($row);

Expected result:
----------------
 Uncaught exception 'PDOException' with message 'SQLSTATE[HY000]: General error: -836 exception 2 D_ACCESS_DENIED YXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ' 

Actual result:
--------------
*** stack smashing detected ***: php terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x7410f)[0x7fa80dc6410f]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7fa80dce8657]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7fa80dce8620]
/usr/lib64/php5/extensions/pdo_firebird.so(+0x28ee)[0x7fa807c188ee]
/usr/lib64/php5/extensions/pdo.so(+0xa5be)[0x7fa807e275be]
/usr/lib64/php5/extensions/pdo.so(+0x14855)[0x7fa807e31855]
php(+0x6cdcbc)[0x7fa80f9cecbc]
php(execute+0x1e7)[0x7fa80f939367]
php(zend_execute_scripts+0x182)[0x7fa80f90ff02]
php(php_execute_script+0x1cc)[0x7fa80f8a92cc]
php(+0x6cfd1f)[0x7fa80f9d0d1f]
php(+0x468f33)[0x7fa80f769f33]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fa80dc11be5]
php(+0x468fd1)[0x7fa80f769fd1]
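
Added example (not code from the PHP source or from the attached patch): isc_interprete receives only a buffer pointer and the status vector, so it cannot know how large the caller's buffer is, while fb_interpret also takes the buffer size. The sketch below shows an error-handler loop that truncates instead of writing past a fixed stack buffer. interpret_bounded and collect_errors are hypothetical stand-ins shaped like that bounded call, and the messages are constructed sample input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in shaped like fb_interpret(buffer, bufsize, &vector):
 * copies the next message into buf, writing at most bufsize bytes including
 * the terminator, advances *vec, and returns the bytes stored (0 = done). */
static size_t interpret_bounded(char *buf, size_t bufsize, const char ***vec)
{
    if (bufsize == 0 || **vec == NULL)
        return 0;
    int n = snprintf(buf, bufsize, "%s", **vec);
    (*vec)++;
    if (n < 0)
        return 0;
    return (size_t)n < bufsize ? (size_t)n : bufsize - 1; /* truncated */
}

/* Hypothetical error-handler loop: joins every message into a fixed-size
 * buffer, separated by spaces. Returns the string length; out is always
 * NUL-terminated and never written past out[outsize - 1]. */
size_t collect_errors(char *out, size_t outsize, const char **msgs)
{
    size_t used = 0, n;
    if (outsize == 0)
        return 0;
    out[0] = '\0';
    /* Reserve two bytes per round: one separator plus the terminator. */
    while (outsize > used + 2 &&
           (n = interpret_bounded(out + used, outsize - used - 2, &msgs)) > 0) {
        used += n;
        out[used++] = ' ';
        out[used] = '\0';
    }
    return used;
}

int main(void)
{
    char longmsg[601];            /* constructed over-long exception text */
    memset(longmsg, 'X', 600);
    longmsg[600] = '\0';
    const char *msgs[] = { "exception 2", "D_ACCESS_DENIED", longmsg, NULL };
    char buf[64];                 /* fixed stack buffer, as in an error handler */
    size_t len = collect_errors(buf, sizeof buf, msgs);
    printf("%zu bytes kept: %s\n", len, buf);
    return 0;
}
```

With a 64-byte buffer the 600-character message is cut to the space that remains, and the bytes after the buffer are left untouched.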


Patches

fb_interpret (last revision 2013-11-10 05:40 UTC by slavb18 at gmail dot com)

History

 [2014-01-01 12:27 UTC] felipe@php.net
-Package: PDO related +Package: PDO Firebird
 [2014-04-08 11:07 UTC] mariuz@php.net
-Assigned To: +Assigned To: mariuz
 [2014-04-08 11:15 UTC] mariuz@php.net
-Status: Assigned +Status: Closed
 [2014-04-08 11:15 UTC] mariuz@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Thank you, patch applied to master, please retest it.
Last updated: Tue Aug 29 15:01:52 2017 UTC