Menu
▾
▴
[Firebird-checkins] CVS: firebird2/src/isql show.epp,1.75,1.76
|
From: Claudio V. C. <ro...@us...> - 2005-05-26 08:26:26
|
Build Version : T2.0.0.11000 Firebird 2.0 Alpha 2 (writeBuildNum.sh,v 1.11012 2005/05/26 08:26:16 robocop Exp ) Update of /cvsroot/firebird/firebird2/src/isql In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21754/src/isql Modified Files: show.epp Log Message: I didn't test a case, but I'm pretty sure that long quoted identifiers could lead to a buffer overrun while extracting grants here. Index: show.epp =================================================================== RCS file: /cvsroot/firebird/firebird2/src/isql/show.epp,v retrieving revision 1.75 retrieving revision 1.76 diff -b -U3 -r1.75 -r1.76 --- show.epp 26 May 2005 07:35:45 -0000 1.75 +++ show.epp 26 May 2005 08:26:05 -0000 1.76 @@ -510,7 +510,7 @@ BASED_ON RDB$USER_PRIVILEGES.RDB$GRANT_OPTION prev_option; BASED_ON RDB$USER_PRIVILEGES.RDB$FIELD_NAME prev_field; BASED_ON RDB$USER_PRIVILEGES.RDB$USER_TYPE prev_user_type; - SCHAR user_string[44]; + SCHAR user_string[WORDLENGTH * 2 + 20]; bool first = true; if (!*object) @@ -720,7 +720,7 @@ return (SKIP); } -// No relation called "object" was found, try procedure "object" + // No relation called "object" was found, try procedure "object" if (obj_type == obj_procedure || obj_type == 255) { @@ -817,13 +817,15 @@ return (SKIP); } -// No procedure called "object" was found, try role "object" + // No procedure called "object" was found, try role "object" SCHAR role_name[BUFFER_LENGTH128]; if (obj_type == obj_sql_role || obj_type == 255) { // No procedure called "object" was found, try role "object" - /* CVC: This code could be superseded by SHOW_grant_roles() below - with the sole difference of the sort fields. */ + // CVC: This code could be superseded by SHOW_grant_roles() below + // with the sole difference of the sort fields. + // This part is only used by SHOW GRANT <object> command + // Metadata extraction and SHOW GRANT with no param uses SHOW_grant_roles. FOR FIRST 1 R IN RDB$ROLES WITH R.RDB$ROLE_NAME EQ object @@ -913,7 +915,7 @@ char with_option[18]; char user_string[44]; -// process role "object" + // process role "object" FOR PRV IN RDB$USER_PRIVILEGES WITH PRV.RDB$OBJECT_TYPE EQ obj_sql_role AND |
