Notes:

*** Version 1.1.22 ***

Released February 8, 2005

1) Introduction
===============

This is a security-related bugfix release. It fixes bug 1116935, which is described in the bug tracker at http://sf.net/projects/emdros and in section 2 below.

Basically, if you fed the MQL parser some malformed MQL, then in many cases it would leak memory. This could lead to a Denial of Service (DoS) attack if a user with local access fed the mql(1) binary large quantities of malformed MQL. The machine would consume more and more memory, until it slowed almost to a grinding halt.

This has been fixed by replacing the bison parser with a lemon-based parser. Lemon is part of the SQLite package, available from http://www.sqlite.org/. Lemon has the distinct advantage of having the concept of a "destructor" on both terminals and non-terminals: a cleanup action attached to a grammar symbol, which the generated parser runs on every symbol it pops from its stack, including the symbols it discards when it abandons a parse after a syntax error. This has been employed so that the new parser automatically takes care of cleaning up after a syntax error, instead of relying on hand-written cleanup in every error path.

2) Bug 1116935
==============

http://sourceforge.net/tracker/index.php?func=detail&aid=1116935&group_id=37219&atid=419458

The MQL parser will leak memory if given certain kinds of malformed MQL statements. Each malformed statement costs the attacker almost nothing to send but leaves a little more memory permanently allocated, so repeating the input leads to a DoS attack with more and more memory being consumed.

The vulnerability is normally only exploitable if a user has local access. However, if mql(1) is run as a network service through xinetd or similar, anyone who can reach that service can exploit it remotely. A deployment of that kind that cannot be upgraded immediately should at least cap the address space of the spawned process (for example with xinetd's rlimit_as attribute) so that a flood of malformed MQL exhausts only that process rather than the whole host.

All platforms are affected: Windows, Linux, Solaris. However, I have confirmed that the fixed version leaks no memory on any of these systems.

Enjoy!

Ulrik Petersen
Emdros maintainer
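To make the mechanism behind both sections above concrete, here is an added example (it is not Emdros code, not lemon output, and not the MQL grammar): a miniature stack-based parser whose semantic values live on the heap, run once the way a bison parser without per-symbol destructors behaves on a syntax error, and once with a destructor applied to every symbol popped from the abandoned stack. The toy grammar `query := SELECT IDENT WHERE IDENT GO`, the token names, the malformed inputs and the live-object counter are all assumptions made for the illustration.

```c
/* Added example (not Emdros code): a miniature LALR-style parser that keeps
 * heap-allocated semantic values on its stack, showing why a syntax error
 * leaks memory unless every stacked symbol has a destructor.  The toy grammar
 *   query := SELECT IDENT WHERE IDENT GO
 * and the token names are assumptions for illustration only. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { T_SELECT, T_WHERE, T_GO, T_IDENT, T_BAD };

static long g_live = 0;               /* semantic values currently alive */

typedef struct { char *text; } Sym;   /* semantic value owning a heap string */

static Sym *sym_new(const char *s, size_t n) {
    Sym *p = malloc(sizeof *p);
    p->text = malloc(n + 1);
    memcpy(p->text, s, n);
    p->text[n] = '\0';
    g_live++;
    return p;
}

/* The per-symbol cleanup that a lemon %destructor would run automatically. */
static void sym_destroy(Sym *p) {
    free(p->text);
    free(p);
    g_live--;
}

static int kind_of(const char *t) {
    if (strcmp(t, "SELECT") == 0) return T_SELECT;
    if (strcmp(t, "WHERE") == 0) return T_WHERE;
    if (strcmp(t, "GO") == 0) return T_GO;
    for (const char *c = t; *c; c++)
        if (!isalnum((unsigned char)*c) && *c != '_') return T_BAD;
    return T_IDENT;
}

#define MAXDEPTH 8
typedef struct { Sym *stack[MAXDEPTH]; int top; } Parser;

/* Pop everything.  With destroy == 0 the pointers are simply dropped, which is
 * what a parser without destructors does when it abandons its stack on error. */
static void stack_pop_all(Parser *ps, int destroy) {
    while (ps->top > 0) {
        Sym *s = ps->stack[--ps->top];
        if (destroy) sym_destroy(s);
    }
}

/* Parses whitespace-separated tokens.  Returns the number of complete queries,
 * or -1 on the first syntax error.  use_destructors selects whether the
 * abandoned stack (and the offending lookahead) are freed on that error. */
static int parse_queries(const char *input, int use_destructors) {
    static const int expect[5] = { T_SELECT, T_IDENT, T_WHERE, T_IDENT, T_GO };
    Parser ps = { {0}, 0 };
    int queries = 0;
    const char *p = input;
    for (;;) {
        while (isspace((unsigned char)*p)) p++;
        if (*p == '\0') break;
        const char *start = p;
        while (*p != '\0' && !isspace((unsigned char)*p)) p++;
        Sym *tok = sym_new(start, (size_t)(p - start));   /* shift: value is heap-allocated */
        if (kind_of(tok->text) != expect[ps.top]) {       /* syntax error on this lookahead */
            if (use_destructors) sym_destroy(tok);
            stack_pop_all(&ps, use_destructors);
            return -1;
        }
        ps.stack[ps.top++] = tok;
        if (ps.top == 5) {            /* reduce: the action consumes (frees) its operands */
            queries++;
            stack_pop_all(&ps, 1);
        }
    }
    if (ps.top != 0) {                /* input ended inside a query: also a syntax error */
        stack_pop_all(&ps, use_destructors);
        return -1;
    }
    return queries;
}

/* How many semantic values one parse run leaves alive (0 means no leak). */
static long leaked_by(const char *input, int use_destructors) {
    long before = g_live;
    parse_queries(input, use_destructors);
    return g_live - before;
}

int main(void) {
    const char *bad = "SELECT word WHERE 3%";   /* constructed malformed input */
    printf("no destructors:   %ld values leaked\n", leaked_by(bad, 0));
    printf("with destructors: %ld values leaked\n", leaked_by(bad, 1));
    return 0;
}
```

The successful path frees nothing differently in the two modes, because a reduce action always consumes its operands; the difference appears only on the error path, which is exactly the path an attacker can trigger at will with malformed input. Feeding `bad` to the no-destructor variant in a loop makes `g_live` grow without bound, which is the DoS described in the notes.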
Changes:

*** Version 1.1.22 ***

2005-02-05  Ulrik Petersen  <ulrikp@ulrikp-2.stud.humfak.auc.dk>

	* Removed quite a few non-used non-terminals from the lexer.
	* Removed bison parser, added lemon parser.
	* Added lemon parser from SQLite 3.1.0.
	* Removed COVERED_BY and BUILDABLE_FROM from the parser (and lexer).

2005-01-02  Ulrik Petersen  <ulrikp@ulrikp-2>

	* Moved some declarations of MQLObject *pObj out of the loops, and used
	  pObj instead of object_block->get_object(). This gave a speed increase.

2005-01-01  Ulrik Petersen  <ulrikp@ulrikp-2>

	* Re-instated the behavior before bug #1094167 was just "fixed". See the
	  comment on the bug on SF.Net for why this was done. Also redid mql.yxx,
	  mql_query.cpp:Power and mql_R.cpp to reflect the new stuff.
	* Fixed bug #1094167: Power restriction was off by one: In the MQL, "<"
	  was used, but in the R_object_block_first() function, "<=" was used.
	  See the bug on SourceForge for an example of how this would go wrong.