Segmentation fault in case environment variables are too long


Segmentation fault in case environment variables are too long

Michael König
  Hi!

My team has encountered a bug in unixODBC 2.2.14, but it is still present in more recent versions as well.
If you use environment variables such as HOME and ODBCSYSINI with really long contents, segmentation faults
occur.

Here is a transcript of what happens:

> echo $HOME
/a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789

> echo $ODBCSYSINI
/a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789

> isql "PostgreSQL R&D test database" -v
Segmentation fault

> export ODBCSYSINI=/some/short/path/
> isql "PostgreSQL R&D test database" -v
Segmentation fault

> export HOME=/invalid/directory
> isql "PostgreSQL R&D test database" -v
+---------------------------------------+
| Connected!                            |
|                                       |
| sql-statement                         |
| help [tablename]                      |
| quit                                  |
|                                       |
+---------------------------------------+
SQL> quit

> export HOME=/a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789
> isql "PostgreSQL R&D test database" -v
Segmentation fault

> export ODBCSYSINI=$HOME
> export HOME=/invalid/directory
> isql "PostgreSQL R&D test database" -v
Segmentation fault


In the above example, both the short path and the ridiculously long path contain a valid ODBC configuration with identical odbc.ini and odbcinst.ini files.

Essentially, environment variables are copied to buffers of fixed lengths without checking their size first, leading to Bad Things.
I propose to either do some proper buffer management or to abort with a reasonable error message in case environment variables are too long.

We encountered this bug in real life. We operate an Apache Aurora cluster and wanted to deploy an application in it which uses unixODBC.
Aurora generates a sandbox for the application. In the event, the HOME environment variable becomes really, really lengthy.
We had to fix the HOME variable to an invalid folder, and use relative folders for the ODBCSYSINI variable.
I would prefer the "proper buffer management" solution so that we can get rid of this workaround.

Cheers

Michael

_______________________________________________
unixODBC-support mailing list
[hidden email]
http://mailman.unixodbc.org/mailman/listinfo/unixodbc-support
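
The copy pattern described in the report above, next to the two remedies it proposes (abort with an error, or size the buffer from the input). This is an added example, not unixODBC code and not part of the original post; the function names and the 256-byte CFG_PATH_MAX are assumptions.

```c
/* Added illustration, not unixODBC source. All names here are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CFG_PATH_MAX 256   /* constructed fixed buffer size */

/* BEFORE: unchecked copy. Writes past `out` as soon as
 * strlen(dir) + 1 + strlen(file) + 1 exceeds CFG_PATH_MAX. */
void ini_path_unchecked(char out[CFG_PATH_MAX], const char *dir, const char *file)
{
    strcpy(out, dir);
    strcat(out, "/");
    strcat(out, file);
}

/* Remedy 1: keep the fixed buffer, reject oversized input.
 * Returns 0 on success, -1 with errno set (ENAMETOOLONG or EINVAL). */
int ini_path_checked(char out[CFG_PATH_MAX], const char *dir, const char *file)
{
    if (dir == NULL || file == NULL) { errno = EINVAL; return -1; }
    int n = snprintf(out, CFG_PATH_MAX, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= CFG_PATH_MAX) {
        out[0] = '\0';            /* never hand back a truncated path */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Remedy 2: size the buffer from the input. The caller frees the result. */
char *ini_path_alloc(const char *dir, const char *file)
{
    if (dir == NULL || file == NULL) { errno = EINVAL; return NULL; }
    size_t len = strlen(dir) + 1 + strlen(file) + 1;
    char *p = malloc(len);
    if (p != NULL)
        snprintf(p, len, "%s/%s", dir, file);
    return p;
}

/* Directory taken from an environment variable, with a fallback if unset or empty. */
int ini_path_from_env(char out[CFG_PATH_MAX], const char *var,
                      const char *fallback, const char *file)
{
    const char *dir = getenv(var);
    return ini_path_checked(out, (dir && *dir) ? dir : fallback, file);
}
```

A truncated path is treated as an error rather than used, since a silently shortened directory could point at a different configuration file.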

Re: Segmentation fault in case environment variables are too long

Mike

Quoting Michael König <[hidden email]>:

> Hi!
>
> My team has encountered a bug in unixODBC 2.2.14, but it is still  
> present in more recent versions as well.
> If you use environment variables such as HOME and ODBCSYSINI with  
> really long contents, segmentation faults
> occur.
>
> Here is a transcript of what happens:
>
>> echo $HOME
> /a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789
>
>> echo $ODBCSYSINI
> /a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789
>
>> isql "PostgreSQL R&D test database" -v
> Segmentation fault
>
>> export ODBCSYSINI=/some/short/path/
>> isql "PostgreSQL R&D test database" -v
> Segmentation fault
>
>> export HOME=/invalid/directory
>> isql "PostgreSQL R&D test database" -v
> +---------------------------------------+
> | Connected!                            |
> |                                       |
> | sql-statement                         |
> | help [tablename]                      |
> | quit                                  |
> |                                       |
> +---------------------------------------+
> SQL> quit
>
>> export  
>> HOME=/a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789
>> isql "PostgreSQL R&D test database" -v
> Segmentation fault
>
>> export ODBCSYSINI=$HOME
>> export HOME=/invalid/directory
>> isql "PostgreSQL R&D test database" -v
> Segmentation fault
>
>
> In the above example, both the short path and the ridiculously long path
> contain a valid ODBC configuration with identical odbc.ini and  
> odbcinst.ini files.
>
> Essentially, environment variables are copied to buffers of fixed  
> lengths without checking their size first, leading to Bad Things.
> I propose to either do some proper buffer management or to abort  
> with a reasonable error message in case environment variables are  
> too long.
>
> We encountered this bug in real life. We operate an Apache Aurora  
> cluster and wanted to deploy an application in it which uses unixODBC.
> Aurora generates a sandbox for the application. In the event, the  
> HOME environment variable becomes really, really lengthy.
> We had to fix the HOME variable to an invalid folder, and use  
> relative folders for the ODBCSYSINI variable.
> I would prefer the "proper buffer management" solution so that we  
> can get rid of this workaround.
>
> Cheers
>
> Michael


Nice troubleshooting.  Looks thorough.

Any chance you have a patch too? :)

I'm sure Nick would be willing to entertain a change that would fix that.

Mike B.

Re: Segmentation fault in case environment variables are too long

Nick Gorham-2

Thanks. I will take a look at it this weekend.

--
Nick

Re: Segmentation fault in case environment variables are too long

Nick Gorham-2
On 23/01/15 01:02, Mike wrote:

>
> Quoting Michael König <[hidden email]>:
>
>> Hi!
>>
>> My team has encountered a bug in unixODBC 2.2.14, but it is still
>> present in more recent versions as well.
>> If you use environment variables such as HOME and ODBCSYSINI with
>> really long contents, segmentation faults
>> occur.
>>
>> Here is a transcript of what happens:
>>
>>> echo $HOME
>> /a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789
>>
>>
>>> echo $ODBCSYSINI
>> /a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789
>>
>>
>>> isql "PostgreSQL R&D test database" -v
>> Segmentation fault
>>
>>> export ODBCSYSINI=/some/short/path/
>>> isql "PostgreSQL R&D test database" -v
>> Segmentation fault

This should be fixed in the current code in subversion and the 2.3.3pre
tar file.

--
Nick

Re: Segmentation fault in case environment variables are too long

Michael König
On 30.01.2015 at 15:44, Nick Gorham wrote:

> On 23/01/15 01:02, Mike wrote:
>>
>> Quoting Michael König <[hidden email]>:
>>
>>> Hi!
>>>
>>> My team has encountered a bug in unixODBC 2.2.14, but it is still
>>> present in more recent versions as well.
>>> If you use environment variables such as HOME and ODBCSYSINI with
>>> really long contents, segmentation faults
>>> occur.
>>>
>>> Here is a transcript of what happens:
>>>
>>>> echo $HOME
>>> /a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789
>>>
>>>
>>>> echo $ODBCSYSINI
>>> /a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789
>>>
>>>
>>>> isql "PostgreSQL R&D test database" -v
>>> Segmentation fault
>>>
>>>> export ODBCSYSINI=/some/short/path/
>>>> isql "PostgreSQL R&D test database" -v
>>> Segmentation fault
>
> This should be fixed in the current code in subversion and the
> 2.3.3pre tar file.
>
Brilliant! Thanks a lot!