fix(parser): security vulnerabilities in DSN and SQL parsing #1553
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-Replaced `strncasecmp()` with manual comparison in `validate_key()` to prevent reading past buffer boundaries
> Added bounds checking for all string operations
- Maximum key length: 256 characters
- Maximum value length: 65536 characters
- Maximum DSN length: 4096 characters
Fixed uninitialized variable `start_pos` in `parse_conn_string()`
- Changed initial value from -1 to 0
- Added bounds checking before pointer arithmetic
Fixed handling of `{{` and `}}` in DSN values
- Previously treated as malformed input
- Now properly handled as escaped braces per ODBC specification
Added null checks for all input parameters
- Constructor validates `dsn`, `sql_str`, and hash table pointers
- `add_key_value_pair()` handles null value parameter
Added length validation before memory allocation
- Prevents excessive memory allocation from malformed input
Author
|
@microsoft-github-policy-service agree |
Contributor
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Contributor
|
@SajanGhimire1 Thanks for raising the PR for this fix, Can you please check why is the pipeline failing for all OSs and fix it, also I would like you to add some tests to check if the code that you have added really works. |
Contributor
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Collaborator
|
For reference, here are the relevant build errors from these changes: macOSLinux (Ubuntu)Windows |
- Removed invalid 'return true;' outside any function in anonymous namespace. - Replaced unsafe strncasecmp comparison with safe manual lowercase comparison in validate_key(). - Initialized start_pos to 0 in parse_conn_string() to avoid negative indexing issues. - Minor code cleanup for safety and correctness in connection string and SQL string parsers. These changes fix critical parsing bugs in PDO DSN handling and ensure robust validation of keys, values, and placeholders.
Author
Thanks for the review, @jahnvi480! I’ll investigate the pipeline failures across all OSs and add tests to verify the changes. |
Author
Thanks for sharing the build errors, @David-Engel! The issues with 'current_key_name' and 'PDO_SQLSRV_ERROR_INVALID_KEY_LENGTH' have been addressed in the latest fix — the parser now uses 'current_key' and proper key validation. I’ll make sure the pipeline passes on all OSs with added tests. |
Author
@microsoft-github-policy-service agree |
Contributor
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix PDO DSN parser: remove invalid code and improve key validation