[unixODBC-support] Segmentation fault in case environment variables are too long

Michael König michael.koenig at blue-yonder.com
Thu Jan 22 08:27:44 GMT 2015


  Hi!

My team has encountered a bug in unixODBC 2.2.14, but it is still present in more recent version as well.
If you use environment variables such as HOME and ODBCSYSINI with really long contents, segmentation faults
occur.

Here is a transcript of what happens:

> echo $HOME
/a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789

> echo $ODBCSYSINI
/a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789

> isql "PostgreSQL R&D test database" -v
Segmentation fault

> export ODBCSYSINI=/some/short/path/
> isql "PostgreSQL R&D test database" -v
Segmentation fault

> export HOME=/invalid/directory
> isql "PostgreSQL R&D test database" -v
+---------------------------------------+
| Connected!                            |
|                                       |
| sql-statement                         |
| help [tablename]                      |
| quit                                  |
|                                       |
+---------------------------------------+
SQL> quit

> export HOME=/a/ridiculously/long/path/in/the/file/system/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789/0123456789
> isql "PostgreSQL R&D test database" -v
Segmentation fault

> export ODBCSYSINI=$HOME
> export HOME=/invalid/directory
> isql "PostgreSQL R&D test database" -v
Segmentation fault


In above example, both the short path and the rediculously long path contain a valid ODBC configuration with identical odbc.ini and odbcinst.ini files.

Essentially, environment variables are copied to buffers of fixed lengths without checking their size first, leading to Bad Things.
I propose to either do some proper buffer management or to abort with a reasonable error message in case environment variables are too long.

We encountered this bug in real life. We operate an Apache Aurora cluster and wanted to deploy an application in it which uses unixODBC.
Aurora generates a sandbox for the application. In the event, the HOME environment variable becomes really, really lengthy.
We had to fix the HOME variable to an invalid folder, and use relative folders for the ODBCSYSINI variable.
I would prefer the "proper buffer management" solution so that we can get rid of this workaround.

Cheers

Michael



More information about the unixODBC-support mailing list