#36 SQLConfigDataSourceW/ConfigDSNW functions have to use the doubly null-terminated string for attributes

[Bogdan Degtyariov]

Sorry for the off-topic, but the unixODBC-GUI-Qt project does not have the tickets, so I am putting it here.

I am working on GUI for MySQL ODBC driver and I found a problem in ODBCManageDataSourcesQ4 tool, which looks like a bug to me.

It calls SQLConfigDataSource with single null-terminated string for the lpszAttributes parameter. However, the MS version of ODBC specification requires the doubly null-terminated string as single null is reserved for delimiting the parameters in the attributes list:

http://msdn.microsoft.com/en-us/library/windows/desktop/ms716476%28v=vs.85%29.aspx

The driver-side setup function ConfigDSNW is getting this string like this:

DSN=test\0}}#$#&*SSSSSSSSSSSS\0\0\0\0

It stops parsing only after finding the double null sequence \0\0 at the end.
The chances to get very far past the buffer out of the data segment and crash are really high.

Thanks.