Bug #30774 | Username argument to SQLConnect used incorrectly in C/ODBC 3.51.19 | ||
---|---|---|---|
Submitted: | 3 Sep 2007 20:00 | Modified: | 13 Sep 2007 11:32 |
Reporter: | TOM DONOVAN (Candidate Quality Contributor) | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | Connector / ODBC | Severity: | S2 (Serious) |
Version: | 3.51.19 | OS: | Windows (win2k sp4) |
Assigned to: | Jim Winstead | CPU Architecture: | Any |
[3 Sep 2007 20:00]
TOM DONOVAN
[4 Sep 2007 1:49]
TOM DONOVAN
Looking again, szDSN and cbDSN are handled correctly. Only the cbUID and cbAuth string lengths are ignored in 3.51.19.
[4 Sep 2007 10:45]
Susanne Ebrecht
Hi Tom, thanks for sending the bug report. We will fix it soon. Regards, Susanne
[4 Sep 2007 20:08]
Jim Winstead
Use lengths passed to SQLConnect
Attachment: bug30774.patch (text/plain), 2.56 KiB.
[5 Sep 2007 17:46]
Bogdan Degtyariov
Susanne, probably your Unix server had been configured so, that all users from localhost were able to connect. The test case worked well without patch when I granted access to all localhost connections in Windows. I see no other possibilities of successful connecting in Linux when the username is malformed etc. The problem with ignoring the lengths of the parameters in SQLConnect seems to be existing for ages. Thanks Jim for his patch.
[5 Sep 2007 17:51]
Jim Winstead
The fix for this bug has been committed to the repository, and will be in the next release (3.51.20).
[13 Sep 2007 11:32]
MC Brown
A note has been added to the 3.51.20 changelog: The specified length of the username and authentication parameters to SQLConnect() were not being honored.