From f960a5ccda8d4fa324342de0cd9f725249a93b71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Przemys=C5=82aw=20Czerpak?=
Date: Wed, 22 Nov 2017 11:33:59 +0100
Subject: [PATCH] 2017-11-22 11:33 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * contrib/rddads/ads1.c * src/rdd/workarea.c * generate RTE code when SELF_ADDFIELD() used in SELF_CREATEFIELDS() (dbCreate() backend) returns HB_FAILURE. It fixes silent dbCreate() exit when some wrong table structure arrays are passed to this function. * src/rdd/dbf1.c ! added protection against too long unicode character and fields defined in dbCreate() table structure array - fix problem reported by KevinC - thanks * change RTE number from EDBF_DATATYPE to EDBF_DATAWIDTH record size is exceed + added additional protection when corrupted table with unicode fields is open
---
ChangeLog.txt | 17 +++++++++++++++++
contrib/rddads/ads1.c | 6 +++---
src/rdd/dbf1.c | 20 ++++++++++++++------
src/rdd/workarea.c | 6 +++---
4 files changed, 37 insertions(+), 12 deletions(-)
diff --git a/ChangeLog.txt b/ChangeLog.txt
index a5a99b5ebc..876f980c73 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -7,6 +7,23 @@ Entries may not always be in chronological/commit order. See license at the end of file. */ +2017-11-22 11:33 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) + * contrib/rddads/ads1.c + * src/rdd/workarea.c + * generate RTE code when SELF_ADDFIELD() used in SELF_CREATEFIELDS() + (dbCreate() backend) returns HB_FAILURE. It fixes silent dbCreate() + exit when some wrong table structure arrays are passed to this + function. + + * src/rdd/dbf1.c + ! added protection against too long unicode character and fields defined + in dbCreate() table structure array - fix problem reported by KevinC - + thanks + * change RTE number from EDBF_DATATYPE to EDBF_DATAWIDTH record size is + exceed + + added additional protection when corrupted table with unicode fields + is open + 2017-11-15 23:34 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * src/rdd/dbf1.c ! pacified warning after last commit - thanks to Grigory Filatov diff --git a/contrib/rddads/ads1.c b/contrib/rddads/ads1.c index de8edece83..4c37b03a7a 100644 --- a/contrib/rddads/ads1.c +++ b/contrib/rddads/ads1.c @@ -1986,14 +1986,14 @@ static HB_ERRCODE adsCreateFields( ADSAREAP pArea, PHB_ITEM pStruct ) break; } + if( errCode == HB_SUCCESS ) + errCode = SELF_ADDFIELD( &pArea->area, &dbFieldInfo ); /* Add field */ + if( errCode != HB_SUCCESS ) { hb_errRT_DBCMD( EG_ARG, EDBCMD_DBCMDBADPARAMETER, NULL, HB_ERR_FUNCNAME ); return errCode; } - /* Add field */ - if( SELF_ADDFIELD( &pArea->area, &dbFieldInfo ) == HB_FAILURE ) - return HB_FAILURE; } return HB_SUCCESS; } diff --git a/src/rdd/dbf1.c b/src/rdd/dbf1.c index 82b06913ef..961c6c1c82 100644 --- a/src/rdd/dbf1.c +++ b/src/rdd/dbf1.c 
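Review bot: In adsCreateFields() the added `errCode = SELF_ADDFIELD( &pArea->area, &dbFieldInfo );` routes every add-field failure into the existing `hb_errRT_DBCMD( EG_ARG, EDBCMD_DBCMDBADPARAMETER, NULL, HB_ERR_FUNCNAME )` branch, so a failure that does not come from a malformed structure array is still reported to the caller as a bad parameter. Whether the ADDFIELD method can fail for other reasons, or has already raised its own error before returning, is not visible in this hunk; if it can, the user sees a misleading or duplicated runtime error. A one-line comment above the call, for example `/* any ADDFIELD failure is reported as EDBCMD_DBCMDBADPARAMETER */`, would record that this is deliberate. The same construct is added to hb_waCreateFields() in src/rdd/workarea.c, and both function bodies start outside their hunks.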
@@ -3246,15 +3246,17 @@ static HB_ERRCODE hb_dbfCreate( DBFAREAP pArea, LPDBOPENINFO pCreateInfo ) switch( pField->uiType ) { case HB_FT_STRING: - uiLen = pField->uiLen; if( ( pField->uiFlags & HB_FF_UNICODE ) != 0 ) { pThisField->bType = '\x1A'; - uiLen <<= 1; + if( pField->uiLen > 32767 ) + pField->uiLen = 32767; + uiLen = ( pField->uiLen << 1 ); } else { pThisField->bType = 'C'; + uiLen = pField->uiLen; } pThisField->bLen = ( HB_BYTE ) uiLen; pThisField->bDec = ( HB_BYTE ) ( uiLen >> 8 ); @@ -3463,7 +3465,7 @@ static HB_ERRCODE hb_dbfCreate( DBFAREAP pArea, LPDBOPENINFO pCreateInfo ) } if( pArea->pFieldOffset[ uiCount ] > pArea->uiRecordLen ) - errSubCode = EDBF_DATATYPE; + errSubCode = EDBF_DATAWIDTH; if( errSubCode != 0 ) break; @@ -4124,7 +4126,7 @@ static HB_ERRCODE hb_dbfNewArea( DBFAREAP pArea ) static HB_ERRCODE hb_dbfOpen( DBFAREAP pArea, LPDBOPENINFO pOpenInfo ) { HB_ERRCODE errCode; - HB_USHORT uiFields, uiCount, uiSkip, uiDecimals, uiFlags, uiFlagsMask; + HB_USHORT uiFields, uiCount, uiSkip, uiDecimals, uiLen, uiFlags, uiFlagsMask; HB_BOOL fRawBlob; PHB_ITEM pError, pItem; PHB_FNAME pFileName; @@ -4611,13 +4613,19 @@ static HB_ERRCODE hb_dbfOpen( DBFAREAP pArea, LPDBOPENINFO pOpenInfo ) case '\x1A': dbFieldInfo.uiType = HB_FT_STRING; dbFieldInfo.uiFlags |= HB_FF_UNICODE; - dbFieldInfo.uiLen = ( pField->bLen + pField->bDec * 256 ) >> 1; + uiLen = pField->bLen + pField->bDec * 256; + if( uiLen & 1 ) + errCode = HB_FAILURE; + dbFieldInfo.uiLen = uiLen >> 1; break; case '\x1B': dbFieldInfo.uiType = HB_FT_VARLENGTH; dbFieldInfo.uiFlags |= HB_FF_UNICODE; - dbFieldInfo.uiLen = ( ( pField->bLen + pField->bDec * 256 ) >> 1 ) - 1; + uiLen = pField->bLen + pField->bDec * 256; + if( uiLen & 1 || uiLen < 2 ) + errCode = HB_FAILURE; + dbFieldInfo.uiLen = ( uiLen >> 1 ) - 1; break; case '\x1C': diff --git a/src/rdd/workarea.c b/src/rdd/workarea.c index 453f14c239..8d495238ef 100644 --- a/src/rdd/workarea.c +++ b/src/rdd/workarea.c 
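Review bot: The Unicode branch of `case HB_FT_STRING` in hb_dbfCreate() silently rewrites `pField->uiLen` to 32767 instead of failing the create, so a caller that asked for a wider field gets a table whose structure differs from the array it passed, with no error raised. If clamping is intended, a comment should state why 32767 is the limit: the doubled byte length has to fit the bLen/bDec byte pair written just below. Otherwise, rejecting the definition with `errSubCode = EDBF_DATAWIDTH;` (assuming errSubCode is in scope at this point) would match the record-size check this commit changes further down. The function starts and ends outside the hunk, and the declaration of uiLen is not visible here.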
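Review bot: In the `'\x1B'` case of hb_dbfOpen() the length read from the table header is still used after it has been rejected: when `uiLen < 2` the following line evaluates `( uiLen >> 1 ) - 1`, which is -1 and, if dbFieldInfo.uiLen is an unsigned 16-bit member, is stored as 65535. Whether that value is ever consumed depends on how errCode is tested after the switch, which lies outside the hunk. Making the assignment the else-branch of the check, `else dbFieldInfo.uiLen = ( uiLen >> 1 ) - 1;`, keeps a corrupted header from producing a wrapped width at all. The `'\x1A'` case has the same assign-after-reject shape, though its value does not wrap. The condition would also read more clearly as `( uiLen & 1 ) != 0 || uiLen < 2`.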
@@ -505,14 +505,14 @@ static HB_ERRCODE hb_waCreateFields( AREAP pArea, PHB_ITEM pStruct ) break; } + if( errCode == HB_SUCCESS ) + errCode = SELF_ADDFIELD( pArea, &dbFieldInfo ); /* Add field */ + if( errCode != HB_SUCCESS ) { hb_errRT_DBCMD( EG_ARG, EDBCMD_DBCMDBADPARAMETER, NULL, HB_ERR_FUNCNAME ); return errCode; } - /* Add field */ - else if( SELF_ADDFIELD( pArea, &dbFieldInfo ) != HB_SUCCESS ) - return HB_FAILURE; } return HB_SUCCESS; }