authorChristoph M. Becker <cmbecker69@gmx.de>2020-10-29 11:52:10 +0100
committerChristoph M. Becker <cmbecker69@gmx.de>2020-10-29 11:59:12 +0100
commitc21e901ba735e927e345b65a35fcd6f585d0c2f3 (patch)
tree354dae192cb27de6b6b96250ab3b7ebcc6699e5e /ext/odbc/php_odbc.c
parent7817fc07e150620be38a16dd29e50c71e51948a7 (diff)
Fix #44618: Fetching may rely on uninitialized data
Unless `SQLGetData()` returns `SQL_SUCCESS` or `SQL_SUCCESS_WITH_INFO`, the `StrLen_or_IndPtr` output argument is not guaranteed to be properly set. Thus we handle retrieval failure other than `SQL_ERROR` by yielding `false` for those column values and raising a warning. Closes GH-6281.
Diffstat (limited to 'ext/odbc/php_odbc.c')
-rw-r--r--ext/odbc/php_odbc.c26
1 files changed, 22 insertions, 4 deletions
diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c
index 1bb832553c..cc0580fb83 100644
--- a/ext/odbc/php_odbc.c
+++ b/ext/odbc/php_odbc.c
@@ -1810,6 +1810,9 @@ static void php_odbc_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, int result_type)
if (rc == SQL_SUCCESS_WITH_INFO) {
ZVAL_STRINGL(&tmp, buf, result->longreadlen);
+ } else if (rc != SQL_SUCCESS) {
+ php_error_docref(NULL, E_WARNING, "Cannot get data of column #%d (retcode %u)", i + 1, rc);
+ ZVAL_FALSE(&tmp);
} else if (result->values[i].vallen == SQL_NULL_DATA) {
ZVAL_NULL(&tmp);
break;
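Review bot: The added warning formats `rc` with `%u`, but ODBC return codes are a signed type and the failure codes are negative, so a code such as `SQL_INVALID_HANDLE` (-2) would be logged as a large unsigned number that is hard to match against the ODBC headers when triaging. `rc` is declared outside the hunk, so its exact type should be confirmed, but `"Cannot get data of column #%d (retcode %d)"` would print the code as defined. The same format string appears in the odbc_fetch_into hunk, both odbc_result hunks and the odbc_result_all hunk. The enclosing block in php_odbc_fetch_hash starts and ends outside the hunk.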
@@ -1962,6 +1965,9 @@ PHP_FUNCTION(odbc_fetch_into)
}
if (rc == SQL_SUCCESS_WITH_INFO) {
ZVAL_STRINGL(&tmp, buf, result->longreadlen);
+ } else if (rc != SQL_SUCCESS) {
+ php_error_docref(NULL, E_WARNING, "Cannot get data of column #%d (retcode %u)", i + 1, rc);
+ ZVAL_FALSE(&tmp);
} else if (result->values[i].vallen == SQL_NULL_DATA) {
ZVAL_NULL(&tmp);
break;
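Review bot: The `rc == SQL_SUCCESS_WITH_INFO` branch directly above the added lines still copies `result->longreadlen` bytes from `buf` without looking at `result->values[i].vallen`, so it assumes the informational status always means truncation. If a driver returns `SQL_SUCCESS_WITH_INFO` for another reason and wrote fewer bytes, the tail of `buf` could be uninitialized data, the same class of problem this commit fixes. How `buf` is sized and filled is outside the hunk, so this needs confirming. If it holds, bound the copy, e.g. use `vallen` as the length when `result->values[i].vallen >= 0 && result->values[i].vallen < result->longreadlen`. The same branch appears in the php_odbc_fetch_hash hunk and, with `PHPWRITE`, in the odbc_result_all hunk.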
@@ -2199,12 +2205,13 @@ PHP_FUNCTION(odbc_result)
RETURN_FALSE;
}
- if (result->values[field_ind].vallen == SQL_NULL_DATA) {
- zend_string_efree(field_str);
- RETURN_NULL();
- } else if (rc == SQL_NO_DATA_FOUND) {
+ if (rc != SQL_SUCCESS && rc != SQL_SUCCESS_WITH_INFO) {
zend_string_efree(field_str);
+ php_error_docref(NULL, E_WARNING, "Cannot get data of column #%d (retcode %u)", field_ind + 1, rc);
RETURN_FALSE;
+ } else if (result->values[field_ind].vallen == SQL_NULL_DATA) {
+ zend_string_efree(field_str);
+ RETURN_NULL();
}
/* Reduce fieldlen by 1 if we have char data. One day we might
have binary strings... */
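Review bot: The removed `rc == SQL_NO_DATA_FOUND` branch returned `false` silently, while the new combined check `rc != SQL_SUCCESS && rc != SQL_SUCCESS_WITH_INFO` raises an `E_WARNING` for that code as well. Scripts that treated the silent `false` as a normal "no more data" result would now emit warnings. If that is intended, a comment such as `/* SQL_NO_DATA_FOUND is reported like any other retrieval failure */` above the check would record the decision. Otherwise keep a separate silent `SQL_NO_DATA_FOUND` branch ahead of the generic one. odbc_result starts and ends outside the hunk.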
@@ -2250,6 +2257,12 @@ PHP_FUNCTION(odbc_result)
RETURN_FALSE;
}
+ if (rc != SQL_SUCCESS && rc != SQL_SUCCESS_WITH_INFO) {
+ php_error_docref(NULL, E_WARNING, "Cannot get data of column #%d (retcode %u)", field_ind + 1, rc);
+ efree(field);
+ RETURN_FALSE;
+ }
+
if (result->values[field_ind].vallen == SQL_NULL_DATA) {
efree(field);
RETURN_NULL();
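Review bot: This added block calls `php_error_docref()` before `efree(field)`, whereas the earlier odbc_result hunk frees `field_str` first and warns afterwards. Releasing the buffer first keeps cleanup ahead of any user-defined error handler the warning may invoke, and makes the two failure paths of the function read the same way. Move `efree(field);` above the `php_error_docref(...)` line. The odbc_result_all hunk has the same order, with `efree(buf)` after the warning. The enclosing function body continues outside the hunk.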
@@ -2359,6 +2372,11 @@ PHP_FUNCTION(odbc_result_all)
}
if (rc == SQL_SUCCESS_WITH_INFO) {
PHPWRITE(buf, result->longreadlen);
+ } else if (rc != SQL_SUCCESS) {
+ php_printf("</td></tr></table>");
+ php_error_docref(NULL, E_WARNING, "Cannot get data of column #%d (retcode %u)", i + 1, rc);
+ efree(buf);
+ RETURN_FALSE;
} else if (result->values[i].vallen == SQL_NULL_DATA) {
php_printf("<td>NULL</td>");
break;