From 4f05c873e02705ac56c14ccad5c10b7b4b00e7a6 Mon Sep 17 00:00:00 2001 From: RHEL Packaging Agent Date: Fri, 3 Oct 2025 12:11:55 +0000 Subject: [PATCH] Fix buffer overflow in __iptr_as_string() The patch fixes a buffer overflow in the __iptr_as_string() function by increasing the buffer size. This prevents potential crashes and security vulnerabilities. Upstream fix: https://github.com/lurcher/unixODBC/commit/ad6fcd536b2c8940dd501bf094b756bb89a52e53.patch Resolves: RHEL-118425 This commit was backported by Jotnar, a Red Hat Enterprise Linux software maintenance AI agent. Assisted-by: Jotnar
---
 RHEL-118425.patch | 67 +++++++++++++++++++++++++++++++++++++++++++++++
 unixODBC.spec | 8 +++++-
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 RHEL-118425.patch
diff --git a/RHEL-118425.patch b/RHEL-118425.patch
new file mode 100644
index 0000000..a8c28bd
--- /dev/null
+++ b/RHEL-118425.patch
@@ -0,0 +1,67 @@
+From b4d43c1fc5fb369fb29a5f97868ea12f093375a4 Mon Sep 17 00:00:00 2001
+From: Markus Beth
+Date: Thu, 22 Apr 2021 23:14:09 +0200
+Subject: [PATCH] fix __iptr_as_string() overflows buffer
+
+---
+ DriverManager/SQLError.c | 2 +-
+ DriverManager/SQLErrorW.c | 2 +-
+ DriverManager/SQLGetDiagRec.c | 2 +-
+ DriverManager/SQLGetDiagRecW.c | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/DriverManager/SQLError.c b/DriverManager/SQLError.c
+index d4a2a0a..0bbb748 100644
+--- a/DriverManager/SQLError.c
++++ b/DriverManager/SQLError.c
+@@ -311,7 +311,7 @@ SQLRETURN SQLError( SQLHENV environment_handle,
+ SQLSMALLINT *text_length )
+ {
+ SQLRETURN ret;
+- SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
++ SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
+ SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
+
+ DMHENV environment = NULL;
+diff --git a/DriverManager/SQLErrorW.c b/DriverManager/SQLErrorW.c
+index 16df262..64ea90e 100644
+--- a/DriverManager/SQLErrorW.c
++++ b/DriverManager/SQLErrorW.c
+@@ -279,7 +279,7 @@ SQLRETURN SQLErrorW( SQLHENV environment_handle,
+ SQLSMALLINT *text_length )
+ {
+ SQLRETURN ret;
+- SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
++ SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
+ SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
+ SQLCHAR s3[ 100 + LOG_MESSAGE_LEN ];
+
+diff --git a/DriverManager/SQLGetDiagRec.c b/DriverManager/SQLGetDiagRec.c
+index 6d93ede..0f424c8 100644
+--- a/DriverManager/SQLGetDiagRec.c
++++ b/DriverManager/SQLGetDiagRec.c
+@@ -561,7 +561,7 @@ SQLRETURN SQLGetDiagRec( SQLSMALLINT handle_type,
+ SQLSMALLINT *text_length_ptr )
+ {
+ SQLRETURN ret;
+- SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
++ SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
+ SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
+
+ DMHENV environment = ( DMHENV ) handle;
+diff --git a/DriverManager/SQLGetDiagRecW.c b/DriverManager/SQLGetDiagRecW.c
+index 1640047..7eecc03 100644
+--- a/DriverManager/SQLGetDiagRecW.c
++++ b/DriverManager/SQLGetDiagRecW.c
+@@ -424,7 +424,7 @@ SQLRETURN SQLGetDiagRecW( SQLSMALLINT handle_type,
+ SQLSMALLINT *text_length_ptr )
+ {
+ SQLRETURN ret;
+- SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
++ SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
+ SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
+ SQLCHAR s3[ 100 + LOG_MESSAGE_LEN ];
+
+--
+2.47.3
+
diff --git a/unixODBC.spec b/unixODBC.spec
index 9d89fca..8b82358 100644
--- a/unixODBC.spec
+++ b/unixODBC.spec
@@ -1,7 +1,7 @@
 Summary: A complete ODBC driver manager for Linux
 Name: unixODBC
 Version: 2.3.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: System Environment/Libraries
 URL: http://www.unixODBC.org/
 # Programs are GPL, libraries are LGPL, except News Server library is GPL.
@@ -13,6 +13,7 @@ Source5: README.dist
 Patch8: so-version-bump.patch
 Patch9: keep-typedefs.patch
+Patch10: RHEL-118425.patch
 Conflicts: iodbc
@@ -39,6 +40,7 @@ ODBC, you need to install this package.
 %setup -q
 %patch8 -p1 -b .soname-bump
 %patch9 -p1
+%patch10 -p1
 chmod 0644 Drivers/MiniSQL/*.c
 chmod 0644 Drivers/nn/*.c
@@ -124,6 +126,10 @@ done
 %postun -p /sbin/ldconfig
 %changelog
+* Fri Oct 03 2025 RHEL Packaging Agent - 2.3.7-2
+- fix __iptr_as_string() overflows buffer
+- Resolves: RHEL-118425
+
 * Sat Aug 11 2018 Pavel Raiskup - 2.3.7-1
 - update to version 2.3.7
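Review bot: The four `s0` declarations in the embedded upstream patch are still sized with a bare literal, `SQLCHAR s0[ 48 ]`, and nothing in these hunks ties that number to what `__iptr_as_string()` actually writes, so the fix holds only while the formatted text stays under 48 bytes. The callee is not part of this patch; if it formats without a length limit (presumably an unbounded `sprintf`, to be confirmed in the source), a follow-up should pass the buffer size and format with `snprintf`, or at minimum share one named constant across SQLError.c, SQLErrorW.c, SQLGetDiagRec.c and SQLGetDiagRecW.c with a comment like `/* must hold the longest __iptr_as_string() output, including the NUL */`. For the backport specifically, the 2.3.7 tree should be checked for any other buffer handed to `__iptr_as_string()` that is still 32 bytes, since only these four call sites are touched here. Each of the four enclosing functions starts and ends outside its hunk, so how `s0` is used cannot be confirmed from this page.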