Commit 94ac1cd

committed

Merge branch 'PHP-8.4'

* PHP-8.4: Fix GH-16450: PDO_ODBC can inject garbage into field values

2 parents 50a3f01 + 331bd95 commit 94ac1cdCopy full SHA for 94ac1cd

File tree

3 files changed

+39

-3

lines changed

ext/pdo_odbc
- odbc_stmt.c
- tests
  - gh16450.phpt
  - test.mdb

3 files changed

+39

-3

lines changed

`‎ext/pdo_odbc/odbc_stmt.c‎`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -689,11 +689,12 @@ static int odbc_stmt_get_col(pdo_stmt_t stmt, int colno, zval result, enum pdo`
`689`	`689`	`/* read block. 256 bytes => 255 bytes are actually read, the last 1 is NULL */`
`690`	`690`	`rc = SQLGetData(S->stmt, colno+1, C->is_unicode ? SQL_C_BINARY : SQL_C_CHAR, buf2, 256, &C->fetched_len);`
`691`	`691`
`692`		- /* adjust `used` in case we have length info from the driver */
	`692`	+ /* adjust `used` in case we have proper length info from the driver */
`693`	`693`	`if (orig_fetched_len >= 0 && C->fetched_len >= 0) {`
`694`	`694`	`SQLLEN fixed_used = orig_fetched_len - C->fetched_len;`
`695`		`- ZEND_ASSERT(fixed_used <= used + 1);`
`696`		`- used = fixed_used;`
	`695`	`+ if (fixed_used <= used + 1) {`
	`696`	`+ used = fixed_used;`
	`697`	`+ }`
`697`	`698`	`}`
`698`	`699`
`699`	`700`	`/* resize output buffer and reassemble block */`

`‎ext/pdo_odbc/tests/gh16450.phpt‎`

Lines changed: 35 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,35 @@`
	`1`	`+--TEST--`
	`2`	`+GH-16450 (PDO_ODBC can inject garbage into field values)`
	`3`	`+--EXTENSIONS--`
	`4`	`+pdo_odbc`
	`5`	`+--SKIPIF--`
	`6`	`+<?php`
	`7`	`+$dbpath = __DIR__ . "/test.mdb";`
	`8`	`+try {`
	`9`	`+ new PDO("odbc:Driver={Microsoft Access Driver (.mdb, .accdb)};Dbq=$dbpath;Uid=Admin;Pwd=;");`
	`10`	`+} catch (PDOException $ex) {`
	`11`	`+ die("skip Cannot connect to MS Access database");`
	`12`	`+}`
	`13`	`+?>`
	`14`	`+--FILE--`
	`15`	`+<?php`
	`16`	`+$dbpath = __DIR__ . "/test.mdb";`
	`17`	`+$pdo = new PDO("odbc:Driver={Microsoft Access Driver (.mdb, .accdb)};Dbq=$dbpath;Uid=Admin;Pwd=;");`
	`18`	`+`
	`19`	`+$pdo->exec("CREATE TABLE gh16450 (Id INT, MyLongText LONGCHAR)");`
	`20`	`+$pdo->exec(sprintf("INSERT INTO gh16450 VALUES (1, '%s')", str_repeat("_", 2048)));`
	`21`	`+$pdo->exec(sprintf("INSERT INTO gh16450 VALUES (1, '%s')", str_repeat("_", 2049)));`
	`22`	`+`
	`23`	`+$stmt = $pdo->query("SELECT MyLongText FROM gh16450");`
	`24`	`+var_dump($stmt->fetchColumn(0));`
	`25`	`+var_dump($stmt->fetchColumn(0));`
	`26`	`+?>`
	`27`	`+--CLEAN--`
	`28`	`+<?php`
	`29`	`+$dbpath = __DIR__ . "/test.mdb";`
	`30`	`+$pdo = new PDO("odbc:Driver={Microsoft Access Driver (.mdb, .accdb)};Dbq=$dbpath;Uid=Admin;Pwd=;");`
	`31`	`+$pdo->exec("DROP TABLE gh16450");`
	`32`	`+?>`
	`33`	`+--EXPECT--`
	`34`	+string(2048) "________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________"
	`35`	+string(2049) "_________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________"

`‎ext/pdo_odbc/tests/test.mdb‎`

76 KB

Binary file not shown.

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 94ac1cd

File tree

3 files changed

3 files changed

`‎ext/pdo_odbc/odbc_stmt.c‎`

`‎ext/pdo_odbc/tests/gh16450.phpt‎`

`‎ext/pdo_odbc/tests/test.mdb‎`

0 commit comments