From 454f2102935c1199e50c6d7482b7319c69f037ea Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Mon, 19 Sep 2016 18:21:08 +0200
Subject: php-sqlsrv: fix buffer overflow + fix reported version
---
sqlsrv-pr157.patch | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 sqlsrv-pr157.patch
(limited to 'sqlsrv-pr157.patch')
diff --git a/sqlsrv-pr157.patch b/sqlsrv-pr157.patch
new file mode 100644
index 0000000..11818e6
--- /dev/null
+++ b/sqlsrv-pr157.patch
@@ -0,0 +1,45 @@
+From 5e27f69cbb66d7468645f337858c2b140274b4b6 Mon Sep 17 00:00:00 2001
+From: Remi Collet
+Date: Mon, 19 Sep 2016 17:49:57 +0200
+Subject: [PATCH] fix buffer overflow, raising segfault in pdo driver
+
+---
+ source/pdo_sqlsrv/pdo_dbh.cpp | 2 +-
+ source/pdo_sqlsrv/pdo_stmt.cpp | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source/pdo_sqlsrv/pdo_dbh.cpp b/source/pdo_sqlsrv/pdo_dbh.cpp
+index 20f996b..079eca0 100644
+--- a/source/pdo_sqlsrv/pdo_dbh.cpp
++++ b/source/pdo_sqlsrv/pdo_dbh.cpp
+@@ -361,7 +361,7 @@ struct pdo_dbh_methods pdo_sqlsrv_dbh_methods = {
+ { \
+ pdo_sqlsrv_dbh* driver_dbh = reinterpret_cast( dbh->driver_data ); \
+ driver_dbh->set_func( __FUNCTION__ ); \
+- int length = strlen(__FUNCTION__); \
++ int length = strlen(__FUNCTION__)+strlen(": entering"); \
+ char func[length+1]; \
+ LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering")); \
+ }
+diff --git a/source/pdo_sqlsrv/pdo_stmt.cpp b/source/pdo_sqlsrv/pdo_stmt.cpp
+index dc989f4..4486404 100644
+--- a/source/pdo_sqlsrv/pdo_stmt.cpp
++++ b/source/pdo_sqlsrv/pdo_stmt.cpp
+@@ -339,7 +339,7 @@ void stmt_option_emulate_prepares:: operator()( sqlsrv_stmt* stmt, stmt_option c
+ { \
+ pdo_sqlsrv_stmt* driver_stmt = reinterpret_cast( stmt->driver_data ); \
+ driver_stmt->set_func( __FUNCTION__ ); \
+- int length = strlen(__FUNCTION__); \
++ int length = strlen(__FUNCTION__)+strlen(": entering"); \
+ char func[length+1]; \
+ LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering")); \
+ }
+@@ -427,7 +427,7 @@ int pdo_sqlsrv_stmt_describe_col(pdo_stmt_t *stmt, int colno TSRMLS_DC)
+ #else
+ pdo_sqlsrv_stmt* driver_stmtt = reinterpret_cast( stmt->driver_data );
+ driver_stmtt->set_func( __FUNCTION__ );
+- int length = strlen(__FUNCTION__);
++ int length = strlen(__FUNCTION__)+strlen(": entering");
+ char func[length+1];
+ LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering"));
+ #endif
-- cgit
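Review bot: The buffer size and the text copied into it are still computed in two separate places at all three sites (the entry macros in pdo_dbh.cpp and pdo_stmt.cpp, and the `#else` branch of pdo_sqlsrv_stmt_describe_col), so the overflow comes back as soon as the `": entering"` suffix is edited in the `strcat` call but not in the `strlen` sum. A bounded write ties the two together: keep `char func[length+1];` and replace the `strcat(strcpy(...))` expression with `snprintf(func, sizeof(func), "%s: entering", __FUNCTION__);` before passing `func` to `LOG`. `char func[length+1]` is also a variable-length array, which is a compiler extension in C++, so a single shared helper or suffix constant used for both the size and the copy would be the more durable fix. The enclosing macro and function bodies start outside these hunks, so this is based only on the lines shown.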