Hi Sebastien,
I tried on CSDK 4.50.FC1 (earlier I tried CSDK 4.50.FC4, a yet-to-be-released version) and I can see the program returns the proper error code -951. To me this appears to be related to the compiler/OS version! Following is the environment (posting again) where I tried. I will explore the compiler option "sanitize" to understand why the presence of this option causes the issue, basically how this option impacts the layout of the binary!
shesh@ubuntu:/shesh/esql$ uname -a
Linux ubuntu 5.3.0-46-generic #38~18.04.1-Ubuntu SMP Tue Mar 31 04:17:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
shesh@ubuntu:/shesh/esql$ esql -V
IBM Informix CSDK Version 4.50, IBM Informix-ESQL Version 4.50.FC1
shesh@ubuntu:/shesh/esql$ echo $INFORMIXC
gcc -g -fsanitize=address
shesh@ubuntu:/shesh/esql$ gcc --version
gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
shesh@ubuntu:/shesh/esql$ cat May15-2020.ec
#include <stdio.h>
int main()
{
EXEC SQL BEGIN DECLARE SECTION;
const char * un16 = "abcdefghijklmnop"; // 16 bytes => error
const char * up = "password";
EXEC SQL END DECLARE SECTION;
printf("User length 16 bytes/chars connection test \n");
EXEC SQL CONNECT TO "sheshdb" USER :un16 USING :up;
printf("Connect returned %d\n", SQLCODE);
return(0);
}
shesh@ubuntu:/shesh/esql$
shesh@ubuntu:/shesh/esql$ esql May15-2020.ec
shesh@ubuntu:/shesh/esql$ ls
a.out May15-2020.c May15-2020.ec
shesh@ubuntu:/shesh/esql$ ./a.out
User length 16 bytes/chars connection test
Connect returned -951
shesh@ubuntu:/shesh/esql$
------------------------------
Sheshnarayan Agrawal
------------------------------
Original Message:
Sent: Fri May 15, 2020 08:08 AM
From: Sheshnarayan Agrawal
Subject: Informix client address sanitizer heap-buffer-overflow with 16 bytes in user name of CONNECT TO
Hi Sebastien,
I tried export INFORMIXC="gcc -g -fsanitize=address", removed the previously compiled binary and intermediate files, freshly compiled and ran the program, and I correctly get the -951 error code. Will also try 4.50.FC1, which you are using.
shesh@ubuntu:/shesh/esql$ echo $INFORMIXC
gcc -g -fsanitize=address
------------------------------
Sheshnarayan Agrawal
Original Message:
Sent: Fri May 15, 2020 07:45 AM
From: SEBASTIEN SF FLAESCH
Subject: Informix client address sanitizer heap-buffer-overflow with 16 bytes in user name of CONNECT TO
Thanks for your quick reaction, Shesh.
In fact I get the error with the GCC ADDRESS SANITIZER.
Sorry, I should have specified this in the first post.
Please try again with:
export INFORMIXC="gcc -g -fsanitize=address"
As shown in the repro.txt file.
Seb
------------------------------
SEBASTIEN SF FLAESCH
Original Message:
Sent: Fri May 15, 2020 07:23 AM
From: Sheshnarayan Agrawal
Subject: Informix client address sanitizer heap-buffer-overflow with 16 bytes in user name of CONNECT TO
I tried in my environment below and I correctly get the -951 error (User is not known on remote host.) since the user/password doesn't exist.
Note: I am trying in my development environment of CSDK 4.50.xC4 [which is yet to be released]. I will try to find a 4.50.xC1 environment. At this moment, I am discounting any possible gcc compiler issue! I am compiling the esql program as "esql May15-2020.ec". In my environment GL_USEGLU is not set.
shesh@ubuntu:/shesh/esql$ uname -a
Linux ubuntu 5.3.0-46-generic #38~18.04.1-Ubuntu SMP Tue Mar 31 04:17:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
shesh@ubuntu:/shesh/esql$ gcc --version
gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
shesh@ubuntu:/shesh/esql$ esql -V
IBM Informix CSDK Version 4.50, IBM Informix-ESQL Version 4.50.FC4
$ dbaccess -V
DB-Access Version 14.10.FC1DE
------------------------------
Sheshnarayan Agrawal
Original Message:
Sent: Fri May 15, 2020 06:49 AM
From: SEBASTIEN SF FLAESCH
Subject: Informix client address sanitizer heap-buffer-overflow with 16 bytes in user name of CONNECT TO
Here is my config:
sf@toro:/tmp$ uname -a
Linux toro 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) x86_64 GNU/Linux
sf@toro:/tmp$ cat /etc/debian_version
10.3
sf@toro:/tmp$ gcc --version
gcc (GCC) 9.2.0
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
sf@toro:/tmp$ esql -V
IBM Informix CSDK Version 4.50, IBM Informix-ESQL Version 4.50.FC1
sf@toro:/tmp$ dbaccess -V
DB-Access Version 14.10.FC1DE
BTW I had to unset GL_USEGLU to use the gcc address sanitizer...
Seb
------------------------------
SEBASTIEN SF FLAESCH
Original Message:
Sent: Fri May 15, 2020 06:33 AM
From: Sheshnarayan Agrawal
Subject: Informix client address sanitizer heap-buffer-overflow with 16 bytes in user name of CONNECT TO
Hi Sebastien,
Could you share the version of CSDK/ESQL you are using? The "esql -V" and/or "esql -version" output.
Also the compiler version of gcc.
Thanks
-Shesh
------------------------------
Sheshnarayan Agrawal
Original Message:
Sent: Fri May 15, 2020 06:29 AM
From: SEBASTIEN SF FLAESCH
Subject: Informix client address sanitizer heap-buffer-overflow with 16 bytes in user name of CONNECT TO
The code is very simple:
EXEC SQL BEGIN DECLARE SECTION;
const char * un16 = "abcdefghijklmnop"; // 16 bytes => error
const char * up = "password";
EXEC SQL END DECLARE SECTION;
EXEC SQL CONNECT TO "testdb1" USER :un16 USING :up;
------------------------------
SEBASTIEN SF FLAESCH
Original Message:
Sent: Fri May 15, 2020 06:23 AM
From: SEBASTIEN SF FLAESCH
Subject: Informix client address sanitizer heap-buffer-overflow with 16 bytes in user name of CONNECT TO
Hi all,
Just found what looks like a bug in Informix ESQL/C...
(detected with the gcc address sanitizer)
With the CONNECT TO instruction, when providing a user name with 16 bytes, I get a heap-buffer-overflow.
When the user name is 15 or 17 bytes long, there is no issue... quite strange.
Are HCL people watching this forum? Where should I report this today?
Attached, the test case.
Cheers!
Seb
------------------------------
SEBASTIEN SF FLAESCH
------------------------------
#Informix
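The thread never establishes why exactly 16 bytes trips AddressSanitizer while 15 and 17 do not. The following is an added illustration, not code from the thread and not Informix's own code, of one common bug class that produces precisely that pattern: a "short string" fast path keeps names of up to 16 characters in a fixed 16-byte heap allocation, and the length check uses `<=` instead of reserving a byte for the NUL terminator. A 15-byte name fits, a 17-byte name takes the separately sized allocation, and only the 16-byte name writes one byte past the end. The buffer size, the predicate names and the `copy_user` helper are all assumptions made for this example; whether the Informix client does anything like this is unknown. Building the file with `gcc -g -fsanitize=address` and running it shows ASan reporting a heap-buffer-overflow for the 16-byte case only, and the fixed predicate beside it shows the one-character change that closes the hole.

```c
/* Hypothetical illustration (not Informix code) of a length check that
 * overflows a heap buffer only when the input is exactly 16 bytes long.
 *
 * Build and run with:   gcc -g -fsanitize=address demo.c && ./a.out
 * ASan reports a 1-byte heap-buffer-overflow for the 16-byte user name
 * under the buggy predicate; 15 and 17 bytes pass silently.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INLINE_CAP 16   /* assumed size of the fixed "short name" buffer */

/* Buggy predicate: '<=' lets a 16-char name into a 16-byte buffer,
 * leaving no room for the terminating NUL. */
int fits_inline_buggy(size_t len) { return len <= INLINE_CAP; }

/* Fixed predicate: the terminator needs a byte too. */
int fits_inline_fixed(size_t len) { return len + 1 <= INLINE_CAP; }

/* Size of the allocation the copy below will use for a name of 'len' chars. */
size_t capacity_for(size_t len, int (*fits)(size_t))
{
    return fits(len) ? INLINE_CAP : len + 1;
}

/* Copy 'user' into a freshly malloc'ed buffer sized by the predicate.
 * memcpy copies len+1 bytes (NUL included): with the buggy predicate and
 * len == 16 that is 17 bytes into a 16-byte allocation. */
char *copy_user(const char *user, int (*fits)(size_t))
{
    size_t len = strlen(user);
    char *dst = malloc(capacity_for(len, fits));
    if (!dst)
        return NULL;
    memcpy(dst, user, len + 1);
    return dst;
}

/* Copy, compare, free; returns 1 when the round trip preserved the name. */
int roundtrip_ok(const char *user, int (*fits)(size_t))
{
    char *copy = copy_user(user, fits);
    if (!copy)
        return 0;
    int ok = strcmp(copy, user) == 0;
    free(copy);
    return ok;
}

int main(void)
{
    /* Constructed sample names of 15, 16 and 17 bytes, mirroring the thread. */
    const char *names[] = { "abcdefghijklmno",
                            "abcdefghijklmnop",
                            "abcdefghijklmnopq" };
    for (size_t i = 0; i < 3; i++) {
        size_t len = strlen(names[i]);
        printf("len=%zu buggy cap=%zu fixed cap=%zu\n", len,
               capacity_for(len, fits_inline_buggy),
               capacity_for(len, fits_inline_fixed));
        /* Under ASan the middle iteration (16 bytes) aborts here. */
        printf("  roundtrip with buggy predicate: %d\n",
               roundtrip_ok(names[i], fits_inline_buggy));
    }
    return 0;
}
```

Without a sanitizer the 17th byte lands in heap metadata or an adjacent chunk and the program usually appears to work, which is why the overflow only shows up when `-fsanitize=address` is in `INFORMIXC` and why a non-instrumented build of the same `.ec` file still returns -951 normally. The defensive habit the example points at is to size by `strlen(s) + 1` everywhere and to test boundary lengths (capacity - 1, capacity, capacity + 1) under ASan.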