FIX: Buffer Overrun When Using SQLConnectW with ODBC Pooling

This article was previously published under Q281646
This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
When you call the ODBC function SQLConnectW and supply non-null terminated strings for the data source name (DSN), user ID (UID), or password (PWD) parameters along with length indicators indicating the exact byte length of the strings, this may later cause an access violation (AV) in the ODBC connection pooling code.

NOTE: According to the ODBC specification, passing strings in this manner is correct. According to the specification, you are allowed to either pass the length of the string in bytes in the associated length parameter, or pass the SQL_NTS constant to indicate that the string is null-terminated.
CAUSE
This problem is due to a string length calculation issue in the ODBC connection pooling code.
RESOLUTION
To resolve this problem, obtain the latest service pack for Microsoft Data Access Components 2.6. For additional information, click the following article number to view the article in theMicrosoft Knowledge Base:
300635 INFO: How to Obtain the Latest MDAC 2.6 Service Pack

Hotfix

The English version of this fix should have the following file attributes or later:
 Date        Version       Size     File name     Platform ----------------------------------------------------------- 01/04/2001  3.520.7104.0   24,848  Ds32gt.dll       x86 01/04/2001  3.520.7104.0  221,456  Odbc32.dll       x86 01/04/2001  3.520.7104.0   24,848  Odbc32gt.dll     x86 01/04/2001  3.520.7104.0   37,136  Odbcad32.exe     x86 01/04/2001  3.520.7104.0   41,232  Odbccp32.cpl     x86 01/04/2001  3.520.7104.0  102,672  Odbccp32.dll     x86 01/04/2001  3.520.7104.0  196,880  Odbccr32.dll     x86 01/04/2001  3.520.7104.0  200,976  Odbccu32.dll     x86 01/04/2001  3.520.7104.0   90,112  Odbcint.dll      x86 01/04/2001  3.520.7104.0   12,288  Odbcp32r.dll     x86 01/04/2001  3.520.7104.0  151,824  Odbctrac.dll     x86				

WORKAROUND

To work around this problem, supply null-terminated strings to SQLConnectW and use the SQL_NTS flag. Note also that this problem does not occur when using SQLConnectA (the ANSI version of SQLConnect).
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Data Access Components 2.6 Service Pack 1.
MORE INFORMATION
If you are experiencing this problem, you will see a stack similiar to the one below indicating an access violation in wcsncpy:
MSVCRT!wcsncpy+0x14ODBC32!CDispenser__CreateResource+0x29eODBC32!CDispenser__GetActiveConnection+0x10COMSVCS!CHolder__SafeDispenserDriver__CreateResource+0x45COMSVCS!CHolder__AllocResource+0x313ODBC32!CServerTestBitManager__SetBit+0x2dODBC32!CDispenser__RateResource+0x26				
Properties

Article ID: 281646 - Last Review: 02/28/2014 04:23:51 - Revision: 4.2

Microsoft Data Access Components 1.5, Microsoft Data Access Components 2.0, Microsoft Data Access Components 2.1, Microsoft Data Access Components 2.1 Service Pack 2, Microsoft Data Access Components 2.5, Microsoft Data Access Components 2.6

  • kbnosurvey kbarchive kbhotfixserver kbqfe kbbug kbdatabase kbdriver kbfix kbmdac260sp1fix kbqfe KB281646
Feedback