Microsoft KB Archive/281646

= FIX: Buffer Overrun When Using SQLConnectW with ODBC Pooling =

Article ID: 281646

Article Last Modified on 9/26/2005

-

APPLIES TO


 * Microsoft Data Access Components 1.5
 * Microsoft Data Access Components 2.0
 * Microsoft Data Access Components 2.1
 * Microsoft Data Access Components 2.1 Service Pack 2
 * Microsoft Data Access Components 2.5
 * Microsoft Data Access Components 2.6

-



This article was previously published under Q281646



SYMPTOMS
When you call the ODBC function SQLConnectW and supply non-null terminated strings for the data source name (DSN), user ID (UID), or password (PWD) parameters along with length indicators indicating the exact byte length of the strings, this may later cause an access violation (AV) in the ODBC connection pooling code.

NOTE: According to the ODBC specification, passing strings in this manner is correct. According to the specification, you are allowed to either pass the length of the string in bytes in the associated length parameter, or pass the SQL_NTS constant to indicate that the string is null-terminated.



CAUSE
This problem is due to a string length calculation issue in the ODBC connection pooling code.



RESOLUTION
To resolve this problem, obtain the latest service pack for Microsoft Data Access Components 2.6. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

300635 INFO: How to Obtain the Latest MDAC 2.6 Service Pack

Hotfix
The English version of this fix should have the following file attributes or later:

 Date       Version       Size     File name     Platform --- 01/04/2001 3.520.7104.0   24,848  Ds32gt.dll       x86 01/04/2001 3.520.7104.0  221,456  Odbc32.dll       x86 01/04/2001 3.520.7104.0   24,848  Odbc32gt.dll     x86 01/04/2001 3.520.7104.0   37,136  Odbcad32.exe     x86 01/04/2001 3.520.7104.0   41,232  Odbccp32.cpl     x86 01/04/2001 3.520.7104.0  102,672  Odbccp32.dll     x86 01/04/2001 3.520.7104.0  196,880  Odbccr32.dll     x86 01/04/2001 3.520.7104.0  200,976  Odbccu32.dll     x86 01/04/2001 3.520.7104.0   90,112  Odbcint.dll      x86 01/04/2001 3.520.7104.0   12,288  Odbcp32r.dll     x86 01/04/2001 3.520.7104.0  151,824  Odbctrac.dll     x86

WORKAROUND
To work around this problem, supply null-terminated strings to SQLConnectW and use the SQL_NTS flag. Note also that this problem does not occur when using SQLConnectA (the ANSI version of SQLConnect).



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Data Access Components 2.6 Service Pack 1.



MORE INFORMATION
If you are experiencing this problem, you will see a stack similiar to the one below indicating an access violation in wcsncpy: MSVCRT!wcsncpy+0x14 ODBC32!CDispenser__CreateResource+0x29e ODBC32!CDispenser__GetActiveConnection+0x10 COMSVCS!CHolder__SafeDispenserDriver__CreateResource+0x45 COMSVCS!CHolder__AllocResource+0x313 ODBC32!CServerTestBitManager__SetBit+0x2d ODBC32!CDispenser__RateResource+0x26

Keywords: kbbug kbfix kbqfe kbmdac260sp1fix kbdatabase kbdriver kbhotfixserver KB281646

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.