gentoo-overlay/dev-db/firebird/files/firebird-2.0.3.12981.0-CVE-...


diff -Naur Firebird-2.0.3.12981-0_orig/src/remote/protocol.cpp Firebird-2.0.3.12981-0/src/remote/protocol.cpp
--- Firebird-2.0.3.12981-0_orig/src/remote/protocol.cpp 2007-11-05 21:07:50.000000000 -0500
+++ Firebird-2.0.3.12981-0/src/remote/protocol.cpp 2008-02-17 19:39:16.000000000 -0500
@@ -1347,7 +1347,7 @@
rem_port* port = (rem_port*) xdrs->x_public;
- if (request_id >= port->port_object_vector->vec_count)
+ if (!port->port_objects || request_id >= port->port_object_vector->vec_count)
return FALSE;
rrq* request = (rrq*) port->port_objects[request_id];
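Review bot: The added guard tests `port->port_objects`, but the very next operand dereferences `port->port_object_vector`, so the NULL check only helps if the two pointers are always set and cleared together, which these lines do not show. The disconnect hunk in server.cpp tests `this->port_object_vector` on its own, which suggests it can be NULL independently. Testing the pointer that is actually dereferenced would make the bound check self-contained: `if (!port->port_object_vector || !port->port_objects || request_id >= port->port_object_vector->vec_count)`. The same pattern is in the two `statement_id` hunks below and in `CHECK_HANDLE` / `CHECK_HANDLE_MEMBER` in server.cpp. The enclosing function starts and ends outside the hunk.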
@@ -1644,7 +1644,7 @@
rem_port* port = (rem_port*) xdrs->x_public;
RSR statement;
if (statement_id >= 0) {
- if (statement_id >= port->port_object_vector->vec_count)
+ if (!port->port_objects || statement_id >= port->port_object_vector->vec_count)
return FALSE;
if (!(statement = (RSR) port->port_objects[statement_id]))
return FALSE;
@@ -1736,7 +1736,7 @@
rem_port* port = (rem_port*) xdrs->x_public;
if (statement_id >= 0) {
- if (statement_id >= port->port_object_vector->vec_count)
+ if (!port->port_objects || statement_id >= port->port_object_vector->vec_count)
return FALSE;
statement = (RSR) port->port_objects[statement_id];
}
diff -Naur Firebird-2.0.3.12981-0_orig/src/remote/server.cpp Firebird-2.0.3.12981-0/src/remote/server.cpp
--- Firebird-2.0.3.12981-0_orig/src/remote/server.cpp 2007-11-05 21:07:50.000000000 -0500
+++ Firebird-2.0.3.12981-0/src/remote/server.cpp 2008-02-17 19:39:31.000000000 -0500
@@ -74,7 +74,8 @@
#define CHECK_HANDLE(blk, cast, type, id, err) \
{ \
- if (id >= port->port_object_vector->vec_count || \
+ if (!port->port_objects || \
+ id >= port->port_object_vector->vec_count || \
!(blk = (cast) port->port_objects [id]) || \
((BLK) blk)->blk_type != (UCHAR) type) \
{ \
@@ -87,7 +88,8 @@
#define CHECK_HANDLE_MEMBER(blk, cast, type, id, err) \
{ \
- if (id >= this->port_object_vector->vec_count || \
+ if (!this->port_objects || \
+ id >= this->port_object_vector->vec_count || \
!(blk = (cast) this->port_objects [id]) || \
((BLK) blk)->blk_type != (UCHAR) type) \
{ \
@@ -1011,6 +1013,12 @@
port->port_status_vector = status_vector;
success(status_vector);
+ // This buffer is used by INET and WNET transports
+ // to return the server identification string
+ UCHAR buffer[BUFFER_TINY];
+ const CSTRING save_string = send->p_resp.p_resp_data;
+ send->p_resp.p_resp_data.cstr_address = buffer;
+
rem_port* aux_port = port->request(send);
RDB rdb = port->port_context;
if (bad_db(status_vector, rdb))
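Review bot: `send->p_resp.p_resp_data.cstr_address` is pointed at the stack array `buffer`, but nothing visible here tells the transport that only `BUFFER_TINY` bytes are available, so the bound on the identification string written during `port->request(send)` rests on code outside this hunk. Since an overrun would land on this function's stack, the limit should be stated or enforced where the buffer is handed over; at minimum extend the comment, e.g. `// transports must write at most sizeof(buffer) bytes here`. If the CSTRING carries a capacity field, setting it to `sizeof(buffer)` next to the address assignment would let the callee check the bound. The enclosing function continues outside the hunk.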
@@ -1026,6 +1034,7 @@
/* restore the port status vector */
port->port_status_vector = save_status;
+ send->p_resp.p_resp_data = save_string;
return;
}
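Review bot: The restore of `send->p_resp.p_resp_data` is written by hand on this early-return path and again in the hunk at -1037, so any other exit from the function that is not visible here would leave `send` pointing at the dead stack `buffer`. As this is C++, a small scope guard that assigns `save_string` back in its destructor would cover every path. Failing that, a comment at the buffer declaration should state the rule, e.g. `// every exit path must restore p_resp_data from save_string`. The function body extends outside both hunks.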
@@ -1037,6 +1046,7 @@
/* restore the port status vector */
port->port_status_vector = save_status;
+ send->p_resp.p_resp_data = save_string;
}
@@ -1448,6 +1458,8 @@
printf("disconnect(server) free rdb %x\n", rdb);
#endif
this->port_context = NULL;
+ if (this->port_async)
+ this->port_async->port_context = NULL;
ALLR_release(rdb);
if (this->port_object_vector)
{
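Review bot: The new `port_async` lines carry no comment saying why the second port's `port_context` has to be cleared, and their position before `ALLR_release(rdb)` is what matters. Presumably the async port holds the same `rdb` pointer, so it is cleared first to avoid a dangling reference once the block is released. A comment such as `// port_async may reference the same rdb; drop it before the release below` would keep a later reorder from reintroducing the problem. The enclosing function starts and ends outside the hunk.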