RML Questions


The following questions have surfaced several times recently so I decided to post the answers to assist others.


String is missing proper closing quote near (Char Pos: 0xC1 Byte Pos: 0x182)

This is not a utility bug. It is a command found in the trace that was malformed. For example: select * from tbl where name = ''Bob' <---- This is missing the the trailing quote and the parser logic in RML is pointing it out to you. We keep the integrity of the missing quote so we can actually replay the syntax error.

This is usually an application issue and a place to be very careful about T-SQL security injection.   

Let's say that Bob in my example comes from a search box in the application. If I made a mistake and added 'Bob in the search box the application might build the string above and return me a issue near quote. Now I know you are submitting this as dynamic SQL T-SQL and not bound parameters. This means I can enter the following in the search criteria box.

Bob'; drop database production; select '

The application would then build the following command:  select * from tbl where 'Bob'; drop database production; select ''

I hit the OK button and your production database might disappear.  These are places hackers love - changing this to and RPC event (bound parameters) would be much better for safety. (Look at things like sp_executesql) 

Subject: RML Read Trace Error

I am getting the following error while using Read Trace to read SQL 2000 trace files. Do we have any latest version where this problem is fixed? I am using RML Version :9.01.0109 Read Trace Error: [Error: 110003][State: 0][Abs Char: 113][Seq: 0] SYNTAX ERROR: String is missing proper closing quote near (Char Pos: 0xC1 Byte Pos: 0x182)

Embedded NULL Charcters

It is not a bug it is a designed output warning. What I am saying is that EMBEDEDED WITHIN the text of the command there is an actual 0x00 character. This is often unexpected and usually a binding error from a client application. SQL allows 0x00 to be stored so it is not a violation of T-SQL it is more of a bad practice.

For example, it is a way to hide T-SQL injection attacks because a vast majority of applications only display the string up to the first 0x00 character. (C/C++ null termination character)

I could submit the following to your server: select * from good table;(0x00 character added here)drop database Production;

With the right permissions the production database is dropped and you won't see this in any of the traces as the 0x00 hides it from the common display utilities.

Look at the details closer to see if this is something you want to correct in your environment.

Subject: RML Read Trace Error

Do we have any latest version where this bug is fixed?

I am using Version : 9.01.0109

Error Info:

[Error: 110009][State: 10][Abs Char: 0][Seq: 0] WARNING: The input stream contains an embedded NULL (0x0) character near

Bob Dorr, Microsoft SQL Server Escalation Support - Principal Escalation Engineer