Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 281646 - Last Review: September 26, 2005 - Revision: 4.2
FIX: Buffer Overrun When Using SQLConnectW with ODBC Pooling
This article was previously published under Q281646
When you call the ODBC function
SQLConnectW and supply non-null terminated strings for the data source name (DSN), user ID (UID), or password (PWD) parameters along with length indicators indicating the exact byte length of the strings, this may later cause an access violation (AV) in the ODBC connection pooling code.
NOTE: According to the ODBC specification, passing strings in this manner is correct. According to the specification, you are allowed to either pass the length of the string in bytes in the associated length parameter, or pass the SQL_NTS constant to indicate that the string is null-terminated.
This problem is due to a string length calculation issue in the ODBC connection pooling code.
To resolve this problem, obtain the latest service pack for Microsoft Data Access Components 2.6. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
300635Â
(http://kbalertz.com/Feedback.aspx?kbNumber=300635/EN-US/
)
INFO: How to Obtain the Latest MDAC 2.6 Service Pack
Hotfix
The English version of this fix should have the following file attributes or later:
Date Version Size File name Platform
-----------------------------------------------------------
01/04/2001 3.520.7104.0 24,848 Ds32gt.dll x86
01/04/2001 3.520.7104.0 221,456 Odbc32.dll x86
01/04/2001 3.520.7104.0 24,848 Odbc32gt.dll x86
01/04/2001 3.520.7104.0 37,136 Odbcad32.exe x86
01/04/2001 3.520.7104.0 41,232 Odbccp32.cpl x86
01/04/2001 3.520.7104.0 102,672 Odbccp32.dll x86
01/04/2001 3.520.7104.0 196,880 Odbccr32.dll x86
01/04/2001 3.520.7104.0 200,976 Odbccu32.dll x86
01/04/2001 3.520.7104.0 90,112 Odbcint.dll x86
01/04/2001 3.520.7104.0 12,288 Odbcp32r.dll x86
01/04/2001 3.520.7104.0 151,824 Odbctrac.dll x86
WORKAROUND
To work around this problem, supply null-terminated strings to
SQLConnectW and use the SQL_NTS flag. Note also that this problem does not occur when using
SQLConnectA (the ANSI version of
SQLConnect).
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Data Access Components 2.6 Service Pack 1.
If you are experiencing this problem, you will see a stack similiar to the one below indicating an access violation in wcsncpy:
MSVCRT!wcsncpy+0x14
ODBC32!CDispenser__CreateResource+0x29e
ODBC32!CDispenser__GetActiveConnection+0x10
COMSVCS!CHolder__SafeDispenserDriver__CreateResource+0x45
COMSVCS!CHolder__AllocResource+0x313
ODBC32!CServerTestBitManager__SetBit+0x2d
ODBC32!CDispenser__RateResource+0x26
APPLIES TO
- Microsoft Data Access Components 1.5
- Microsoft Data Access Components 2.0
- Microsoft Data Access Components 2.1
- Microsoft Data Access Components 2.1 Service Pack 2
- Microsoft Data Access Components 2.5
- Microsoft Data Access Components 2.6
| kbhotfixserver kbqfe kbbug kbdatabase kbdriver kbfix kbmdac260sp1fix kbqfe KB281646 |
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate