Fix buffer overflow in __iptr_as_string()

The patch fixes a buffer overflow in the __iptr_as_string() function by increasing the buffer size. This prevents potential crashes and security vulnerabilities. Upstream fix: ad6fcd536b.patch Resolves: RHEL-118425 This commit was backported by Jotnar, a Red Hat Enterprise Linux software maintenance AI agent. Assisted-by: Jotnar
2025-10-03 12:11:55 +00:00 · 2025-10-03 12:11:55 +00:00 · 4f05c873e0
commit 4f05c873e0
parent b60f3d9d1b
2 changed files with 74 additions and 1 deletions
--- a/RHEL-118425.patch
+++ b/RHEL-118425.patch
@ -0,0 +1,67 @@
+From b4d43c1fc5fb369fb29a5f97868ea12f093375a4 Mon Sep 17 00:00:00 2001
+From: Markus Beth <markus.beth@web.de>
+Date: Thu, 22 Apr 2021 23:14:09 +0200
+Subject: [PATCH] fix __iptr_as_string() overflows buffer
+
+---
+ DriverManager/SQLError.c       | 2 +-
+ DriverManager/SQLErrorW.c      | 2 +-
+ DriverManager/SQLGetDiagRec.c  | 2 +-
+ DriverManager/SQLGetDiagRecW.c | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/DriverManager/SQLError.c b/DriverManager/SQLError.c
+index d4a2a0a..0bbb748 100644
+--- a/DriverManager/SQLError.c
+++ b/DriverManager/SQLError.c
+@@ -311,7 +311,7 @@ SQLRETURN SQLError( SQLHENV environment_handle,
+            SQLSMALLINT *text_length )
+ {
+     SQLRETURN ret;
+-    SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
+    SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
+     SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
+ 
+     DMHENV  environment = NULL;
+diff --git a/DriverManager/SQLErrorW.c b/DriverManager/SQLErrorW.c
+index 16df262..64ea90e 100644
+--- a/DriverManager/SQLErrorW.c
+++ b/DriverManager/SQLErrorW.c
+@@ -279,7 +279,7 @@ SQLRETURN SQLErrorW( SQLHENV environment_handle,
+            SQLSMALLINT *text_length )
+ {
+     SQLRETURN ret;
+-    SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
+    SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
+     SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
+     SQLCHAR s3[ 100 + LOG_MESSAGE_LEN ];
+ 
+diff --git a/DriverManager/SQLGetDiagRec.c b/DriverManager/SQLGetDiagRec.c
+index 6d93ede..0f424c8 100644
+--- a/DriverManager/SQLGetDiagRec.c
+++ b/DriverManager/SQLGetDiagRec.c
+@@ -561,7 +561,7 @@ SQLRETURN SQLGetDiagRec( SQLSMALLINT handle_type,
+         SQLSMALLINT *text_length_ptr )
+ {
+     SQLRETURN ret;
+-    SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
+    SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
+     SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
+ 
+     DMHENV environment = ( DMHENV ) handle;
+diff --git a/DriverManager/SQLGetDiagRecW.c b/DriverManager/SQLGetDiagRecW.c
+index 1640047..7eecc03 100644
+--- a/DriverManager/SQLGetDiagRecW.c
+++ b/DriverManager/SQLGetDiagRecW.c
+@@ -424,7 +424,7 @@ SQLRETURN SQLGetDiagRecW( SQLSMALLINT handle_type,
+         SQLSMALLINT *text_length_ptr )
+ {
+     SQLRETURN ret;
+-    SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
+    SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
+     SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
+     SQLCHAR s3[ 100 + LOG_MESSAGE_LEN ];
+ 
+-- 
+2.47.3
+
--- a/unixODBC.spec
+++ b/unixODBC.spec
@ -1,7 +1,7 @@
 Summary: A complete ODBC driver manager for Linux
 Name: unixODBC
 Version: 2.3.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: System Environment/Libraries
 URL: http://www.unixODBC.org/
 # Programs are GPL, libraries are LGPL, except News Server library is GPL.
@ -13,6 +13,7 @@ Source5: README.dist

 Patch8: so-version-bump.patch
 Patch9: keep-typedefs.patch
+Patch10: RHEL-118425.patch

 Conflicts: iodbc

@ -39,6 +40,7 @@ ODBC, you need to install this package.
 %setup -q
 %patch8 -p1 -b .soname-bump
 %patch9 -p1
+%patch10 -p1

 chmod 0644 Drivers/MiniSQL/*.c
 chmod 0644 Drivers/nn/*.c
@ -124,6 +126,10 @@ done
 %postun -p /sbin/ldconfig

 %changelog
+* Fri Oct 03 2025 RHEL Packaging Agent <jotnar@redhat.com> - 2.3.7-2
+- fix __iptr_as_string() overflows buffer
+- Resolves: RHEL-118425
+
 * Sat Aug 11 2018 Pavel Raiskup <praiskup@redhat.com> - 2.3.7-1
 - update to version 2.3.7