HyperSQL Database Engine (HSQLDB) / Bugs / #1597 Sensitive information may be leaked in write of org.hsqldb.result.Result from org.hsqldb.ParserDDL

#1597 Sensitive information may be leaked in write of org.hsqldb.result.Result from org.hsqldb.ParserDDL

Milestone: version 2.5.x

Status: closed-rejected

Owner: Fred Toussi

Labels: None

Priority: 5

Updated: 2021-03-07

Created: 2020-10-30

Creator: Xiaoqin Fu

Private: No

In org.hsqldb.ParserDDL,
private StatementSchema compileRoleGrantOrRevoke(boolean grant) {
......
while (true) {
checkIsSimpleName();
roleList.add(token.tokenString);
read();

        if (token.tokenType == Tokens.COMMA) {
            read();

            continue;
        }

        break;
    }
......
}

In org.hsqldb.result.Result,
public void write(SessionInterface session, DataOutputStream dataOut,
RowOutputInterface rowOut) throws IOException {
......
parameterMetaData.write(rowOut);
......
}
The sensitive information (rowOut) may be leaked.
We may be able to add control on them.

Discussion

Xiaoqin Fu - 2020-12-21

Should I open a PR for it?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Fred Toussi - 2020-12-21

Hi Xiaoqin, you need to explain how the sensitive information (in this case rowOut) may be leaked.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Fred Toussi - 2021-03-07

status: open --> closed-rejected

assigned_to: Fred Toussi
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Fred Toussi - 2021-03-07

This ticket is not clear.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Sensitive information may be leaked in write of org.hsqldb.result.Result...

Relational Database

Group

Searches

Help

#1597 Sensitive information may be leaked in write of org.hsqldb.result.Result from org.hsqldb.ParserDDL

Discussion