Fix buffer overflow in __iptr_as_string()

The patch fixes a buffer overflow in the __iptr_as_string() function by increasing the buffer size. This prevents potential crashes and security vulnerabilities. Upstream fix: ad6fcd536b.patch Resolves: RHEL-118425 This commit was backported by Jotnar, a Red Hat Enterprise Linux software maintenance AI agent. Assisted-by: Jotnar
2025-10-03 12:11:55 +00:00 · 2025-10-03 12:11:55 +00:00 · 4f05c873e0
commit 4f05c873e0
parent b60f3d9d1b
2 changed files with 74 additions and 1 deletions
--- a/RHEL-118425.patch
+++ b/RHEL-118425.patch
@ -0,0 +1,67 @@
 From b4d43c1fc5fb369fb29a5f97868ea12f093375a4 Mon Sep 17 00:00:00 2001
 From: Markus Beth <markus.beth@web.de>
 Date: Thu, 22 Apr 2021 23:14:09 +0200
 Subject: [PATCH] fix __iptr_as_string() overflows buffer
 ---
 DriverManager/SQLError.c       | 2 +-
 DriverManager/SQLErrorW.c      | 2 +-
 DriverManager/SQLGetDiagRec.c  | 2 +-
 DriverManager/SQLGetDiagRecW.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
 diff --git a/DriverManager/SQLError.c b/DriverManager/SQLError.c
 index d4a2a0a..0bbb748 100644
 --- a/DriverManager/SQLError.c
 +++ b/DriverManager/SQLError.c
@@ -311,7 +311,7 @@ SQLRETURN SQLError( SQLHENV environment_handle,
            SQLSMALLINT *text_length )
 {
     SQLRETURN ret;
 -    SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
 +    SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
     SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
     DMHENV  environment = NULL;
 diff --git a/DriverManager/SQLErrorW.c b/DriverManager/SQLErrorW.c
 index 16df262..64ea90e 100644
 --- a/DriverManager/SQLErrorW.c
 +++ b/DriverManager/SQLErrorW.c
@@ -279,7 +279,7 @@ SQLRETURN SQLErrorW( SQLHENV environment_handle,
            SQLSMALLINT *text_length )
 {
     SQLRETURN ret;
 -    SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
 +    SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
     SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
     SQLCHAR s3[ 100 + LOG_MESSAGE_LEN ];
 diff --git a/DriverManager/SQLGetDiagRec.c b/DriverManager/SQLGetDiagRec.c
 index 6d93ede..0f424c8 100644
 --- a/DriverManager/SQLGetDiagRec.c
 +++ b/DriverManager/SQLGetDiagRec.c
@@ -561,7 +561,7 @@ SQLRETURN SQLGetDiagRec( SQLSMALLINT handle_type,
         SQLSMALLINT *text_length_ptr )
 {
     SQLRETURN ret;
 -    SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
 +    SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
     SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
     DMHENV environment = ( DMHENV ) handle;
 diff --git a/DriverManager/SQLGetDiagRecW.c b/DriverManager/SQLGetDiagRecW.c
 index 1640047..7eecc03 100644
 --- a/DriverManager/SQLGetDiagRecW.c
 +++ b/DriverManager/SQLGetDiagRecW.c
@@ -424,7 +424,7 @@ SQLRETURN SQLGetDiagRecW( SQLSMALLINT handle_type,
         SQLSMALLINT *text_length_ptr )
 {
     SQLRETURN ret;
 -    SQLCHAR s0[ 32 ], s1[ 100 + LOG_MESSAGE_LEN ];
 +    SQLCHAR s0[ 48 ], s1[ 100 + LOG_MESSAGE_LEN ];
     SQLCHAR s2[ 100 + LOG_MESSAGE_LEN ];
     SQLCHAR s3[ 100 + LOG_MESSAGE_LEN ];
 -- 
 2.47.3
--- a/unixODBC.spec
+++ b/unixODBC.spec
@ -1,7 +1,7 @@
 Summary: A complete ODBC driver manager for Linux
 Name: unixODBC
 Version: 2.3.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: System Environment/Libraries
 URL: http://www.unixODBC.org/
 # Programs are GPL, libraries are LGPL, except News Server library is GPL.
@ -13,6 +13,7 @@ Source5: README.dist
 Patch8: so-version-bump.patch
 Patch9: keep-typedefs.patch
 Patch10: RHEL-118425.patch
 Conflicts: iodbc
@ -39,6 +40,7 @@ ODBC, you need to install this package.
 %setup -q
 %patch8 -p1 -b .soname-bump
 %patch9 -p1
 %patch10 -p1
 chmod 0644 Drivers/MiniSQL/*.c
 chmod 0644 Drivers/nn/*.c
@ -124,6 +126,10 @@ done
 %postun -p /sbin/ldconfig
 %changelog
 * Fri Oct 03 2025 RHEL Packaging Agent <jotnar@redhat.com> - 2.3.7-2
 - fix __iptr_as_string() overflows buffer
 - Resolves: RHEL-118425
 * Sat Aug 11 2018 Pavel Raiskup <praiskup@redhat.com> - 2.3.7-1
 - update to version 2.3.7