Commit | Line | Data |
---|---|---|
ff19b114 JB |
1 | Some fixes for overflows through "INTERBASE"* environment variables |
2 | (CAN-2003-0281); not sure if it's complete - overflows may still exist | |
3 | in further usage of buffers initialized from env vars truncated to | |
4 | MAXPATHLEN... | |
5 | ||
6 | --- firebird-1.0.2.908/wal/wal.c.orig 2000-08-03 22:54:30.000000000 +0200 | |
7 | +++ firebird-1.0.2.908/wal/wal.c 2003-10-29 21:12:08.203320272 +0100 | |
8 | @@ -1142,7 +1142,7 @@ | |
9 | * | |
10 | **************************************/ | |
11 | WALS WAL_segment; | |
12 | -TEXT image_name [256]; | |
13 | +TEXT image_name [MAXPATHLEN]; | |
14 | int pid; | |
15 | ||
16 | gds__prefix (image_name, WAL_WRITER); | |
17 | --- firebird-1.0.2.908/utilities/srvrmgr.c.orig 2003-10-29 21:13:23.238913128 +0100 | |
18 | +++ firebird-1.0.2.908/utilities/srvrmgr.c 2003-10-29 21:13:11.768656872 +0100 | |
19 | @@ -446,7 +446,7 @@ | |
20 | * | |
21 | **************************************/ | |
22 | TEXT msg [MSG_LEN]; | |
23 | -TEXT path[PATHLEN]; | |
24 | +TEXT path[MAXPATHLEN]; | |
25 | TEXT *argv[4]; | |
26 | int retry; | |
27 | pid_t pid, ret_value; | |
28 | @@ -572,7 +572,7 @@ | |
29 | * | |
30 | **************************************/ | |
31 | STATUS status[STATUS_BUFLEN]; | |
32 | -TEXT path[PATHLEN]; | |
33 | +TEXT path[MAXPATHLEN]; | |
34 | TEXT db_name[128]; | |
35 | isc_db_handle db_handle = 0L; | |
36 | BOOLEAN ok; | |
37 | --- firebird-1.0.2.908/remote/inet.c.orig 2002-08-22 07:45:42.000000000 +0200 | |
38 | +++ firebird-1.0.2.908/remote/inet.c 2003-10-29 21:10:52.813781224 +0100 | |
39 | @@ -2373,7 +2373,7 @@ | |
40 | * | |
41 | **************************************/ | |
42 | IB_FILE *proxy; | |
43 | -TEXT *p, proxy_file [64], source_user [64], source_host [MAXHOSTLEN], | |
44 | +TEXT *p, proxy_file [MAXPATHLEN], source_user [64], source_host [MAXHOSTLEN], | |
45 | target_user [64], line [128]; | |
46 | int c; | |
47 | BOOLEAN result; | |
48 | --- firebird-1.0.2.908/lock/lock.c.orig 2002-04-11 03:04:25.000000000 +0200 | |
49 | +++ firebird-1.0.2.908/lock/lock.c 2003-10-29 21:09:57.632170104 +0100 | |
50 | @@ -2239,8 +2239,8 @@ | |
51 | /* The lock file has some problem - copy it for later analysis */ | |
52 | { | |
53 | TEXT *lock_file; | |
54 | - TEXT buffer [256]; | |
55 | - TEXT buffer2 [256]; | |
56 | + TEXT buffer [MAXPATHLEN*2 + 256]; | |
57 | + TEXT buffer2 [MAXPATHLEN + 256]; | |
58 | TEXT hostname [64]; | |
59 | gds__prefix_lock (buffer, LOCK_FILE); | |
60 | lock_file = buffer; | |
61 | @@ -3007,7 +3007,7 @@ | |
62 | * Fork lock manager process. | |
63 | * | |
64 | **************************************/ | |
65 | -TEXT string [256]; | |
66 | +TEXT string [MAXPATHLEN]; | |
67 | struct stat stat_buf; | |
68 | int pid; | |
69 | ||
70 | @@ -3280,7 +3280,7 @@ | |
71 | #ifdef WINDOWS_ONLY | |
72 | TEXT *buffer = (TEXT*) gds__alloc ((SLONG) BUFFER_MEDIUM); | |
73 | #else | |
74 | -TEXT buffer [256]; | |
75 | +TEXT buffer [MAXPATHLEN]; | |
76 | #endif | |
77 | #endif | |
78 | ||
79 | --- firebird-1.0.2.908/jrd/gds.c.orig 2002-10-13 07:39:08.000000000 +0200 | |
80 | +++ firebird-1.0.2.908/jrd/gds.c 2003-10-29 20:43:18.367295320 +0100 | |
81 | @@ -2710,8 +2710,9 @@ | |
82 | ||
83 | ib_prefix = getenv("ProgramFiles"); | |
84 | if (ib_prefix) { | |
85 | - strcpy(ib_prefix_val, ib_prefix); | |
86 | - strcat(ib_prefix_val, "\\Borland\\Interbase\\"); | |
87 | + ib_prefix_val[MAXPATHLEN - 1] = 0; | |
88 | + strncpy(ib_prefix_val, ib_prefix, MAXPATHLEN - 1); | |
89 | + strncat(ib_prefix_val, "\\Borland\\Interbase\\", MAXPATHLEN - 1 - strlen(ib_prefix)); | |
90 | } else { | |
91 | /* ISC_PREFIX currently defaults to */ | |
92 | /* "C:\Program Files\Borland\InterBase\" */ | |
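Review bot: The `strncat` bound on the added line, `MAXPATHLEN - 1 - strlen(ib_prefix)`, is computed from the untruncated environment value rather than from what is actually in the destination. When `ProgramFiles` is longer than MAXPATHLEN - 1 the subtraction wraps to a very large size_t, so the suffix is appended past the end of `ib_prefix_val` (assuming that buffer is MAXPATHLEN bytes; its declaration is outside the hunk). Measure the destination instead: `strncat(ib_prefix_val, "\\Borland\\Interbase\\", MAXPATHLEN - 1 - strlen(ib_prefix_val));`. The NUL stored on the first added line then keeps the truncated copy terminated and the bound can never go negative.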
93 | @@ -2742,16 +2743,28 @@ | |
94 | ib_prefix = ib_prefix_val; | |
95 | } | |
96 | } | |
97 | +/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */ | |
98 | +/* note: strlen(string)==0 here */ | |
99 | #ifdef mpexl | |
100 | - strcat (string, root); | |
101 | - strcat (string, ib_prefix); | |
102 | + strncat (string, root, MAXPATHLEN - 1); | |
103 | + if(strlen(root) >= MAXPATHLEN - 1) | |
104 | + string[MAXPATHLEN - 1] = 0; | |
105 | + else { | |
106 | + strncat (string, ib_prefix, MAXPATHLEN - 1 - strlen(root)); | |
107 | + if(strlen(root) + strlen(ib_prefix) >= MAXPATHLEN - 1) | |
108 | + string[MAXPATHLEN - 1] = 0; | |
109 | + } | |
110 | #else /* mpexl */ | |
111 | - strcat (string, ib_prefix); | |
112 | + strncat (string, ib_prefix, MAXPATHLEN - 1); | |
113 | + if (strlen(ib_prefix) >= MAXPATHLEN - 1) | |
114 | + string[MAXPATHLEN - 1] = 0; | |
115 | #ifndef NETWARE_386 | |
116 | - if (string [strlen (string) - 1] != '/') | |
117 | + if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1)) | |
118 | strcat (string, "/"); | |
119 | #endif | |
120 | - strcat (string, root); | |
121 | + if(strlen(string) + strlen(root) >= MAXPATHLEN - 1) | |
122 | + string[MAXPATHLEN - 1] = 0; | |
123 | + strncat (string, root, MAXPATHLEN - 1 - strlen(string)); | |
124 | #endif /* mpexl */ | |
125 | } | |
126 | #endif /* !defined(VMS) */ | |
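Review bot: The added stores `string[MAXPATHLEN - 1] = 0` write at a fixed offset into a caller-supplied buffer whose size the new comment itself says cannot be assumed, so a caller that passes fewer than MAXPATHLEN bytes is still written out of bounds whenever one of the length checks fires. The stores are also redundant, because `strncat` always terminates its result and the bounded appends alone keep `string` within MAXPATHLEN bytes. I would drop them and make the contract explicit in place of the "ugh" comment, e.g. `/* callers must pass a buffer of at least MAXPATHLEN bytes */`, or pass the destination size in as a parameter. The same pattern appears in the two following gds.c hunks, and the enclosing function starts outside this hunk.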
127 | @@ -2838,20 +2851,33 @@ | |
128 | } | |
129 | else | |
130 | { | |
131 | - strcat (ib_prefix_lock_val, ib_prefix_lock); | |
132 | + ib_prefix_lock_val[MAXPATHLEN - 1] = 0; | |
133 | + strncat (ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1 - strlen(ib_prefix_lock_val)); | |
134 | ib_prefix_lock = ib_prefix_lock_val; | |
135 | } | |
136 | } | |
137 | +/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */ | |
138 | +/* note: strlen(string)==0 here */ | |
139 | #ifdef mpexl | |
140 | -strcat (string, root); | |
141 | -strcat (string, ib_prefix_lock); | |
142 | +strncat (string, root, MAXPATHLEN - 1); | |
143 | +if(strlen(root) >= MAXPATHLEN - 1) | |
144 | + string[MAXPATHLEN - 1] = 0; | |
145 | +else { | |
146 | + strncat (string, ib_prefix_lock, MAXPATHLEN - 1 - strlen(root)); | |
147 | + if(strlen(root) + strlen(ib_prefix_lock) >= MAXPATHLEN - 1) | |
148 | + string[MAXPATHLEN - 1] = 0; | |
149 | +} | |
150 | #else | |
151 | -strcat (string, ib_prefix_lock); | |
152 | +strncat (string, ib_prefix_lock, MAXPATHLEN - 1); | |
153 | +if (strlen(ib_prefix) >= MAXPATHLEN - 1) | |
154 | + string[MAXPATHLEN - 1] = 0; | |
155 | #ifndef NETWARE_386 | |
156 | -if (string [strlen (string) - 1] != '/') | |
157 | +if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1)) | |
158 | strcat (string, "/"); | |
159 | #endif | |
160 | -strcat (string, root); | |
161 | +if(strlen(string) + strlen(root) >= MAXPATHLEN - 1) | |
162 | + string[MAXPATHLEN - 1] = 0; | |
163 | +strncat (string, root, MAXPATHLEN - 1 - strlen(string)); | |
164 | #endif | |
165 | } | |
166 | #endif | |
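Review bot: In the non-mpexl branch the added check `if (strlen(ib_prefix) >= MAXPATHLEN - 1)` tests `ib_prefix`, not the `ib_prefix_lock` that was just appended, which looks like a copy-paste from the previous hunk. If `ib_prefix` has not been initialised when this function runs (not visible here), `strlen` is called on a null pointer; otherwise the check simply compares the wrong string. It should read `if (strlen(ib_prefix_lock) >= MAXPATHLEN - 1)`, or be removed, since `strncat` already terminates the result. The next hunk has the same slip next to `ib_prefix_msg`.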
167 | @@ -2939,21 +2965,34 @@ | |
168 | } | |
169 | else | |
170 | { | |
171 | - strcat (ib_prefix_msg_val, ib_prefix_msg); | |
172 | + ib_prefix_msg_val[MAXPATHLEN - 1] = 0; | |
173 | + strncat (ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1 - strlen(ib_prefix_msg_val)); | |
174 | ib_prefix_msg = ib_prefix_msg_val; | |
175 | } | |
176 | } | |
177 | ||
178 | +/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */ | |
179 | +/* note: strlen(string)==0 here */ | |
180 | #ifdef mpexl | |
181 | -strcat (string, root); | |
182 | -strcat (string, ib_prefix_msg); | |
183 | +strncat (string, root, MAXPATHLEN - 1); | |
184 | +if(strlen(root) >= MAXPATHLEN - 1) | |
185 | + string[MAXPATHLEN - 1] = 0; | |
186 | +else { | |
187 | + strncat (string, ib_prefix_msg, MAXPATHLEN - 1 - strlen(root)); | |
188 | + if(strlen(root) + strlen(ib_prefix_msg) >= MAXPATHLEN - 1) | |
189 | + string[MAXPATHLEN - 1] = 0; | |
190 | +} | |
191 | #else | |
192 | -strcat (string, ib_prefix_msg); | |
193 | +strncat (string, ib_prefix_msg, MAXPATHLEN - 1); | |
194 | +if (strlen(ib_prefix) >= MAXPATHLEN - 1) | |
195 | + string[MAXPATHLEN - 1] = 0; | |
196 | #ifndef NETWARE_386 | |
197 | -if (string [strlen (string) - 1] != '/') | |
198 | +if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1)) | |
199 | strcat (string, "/"); | |
200 | #endif | |
201 | -strcat (string, root); | |
202 | +if(strlen(string) + strlen(root) >= MAXPATHLEN - 1) | |
203 | + string[MAXPATHLEN - 1] = 0; | |
204 | +strncat (string, root, MAXPATHLEN - 1 - strlen(string)); | |
205 | #endif | |
206 | } | |
207 | #endif | |
208 | --- firebird-1.0.2.908/jrd/builtin.c.orig 2000-12-29 14:05:07.000000000 +0100 | |
209 | +++ firebird-1.0.2.908/jrd/builtin.c 2003-10-29 20:56:16.270036128 +0100 | |
210 | @@ -74,7 +74,7 @@ | |
211 | * | |
212 | **************************************/ | |
213 | FN *function; | |
214 | -TEXT *p, temp [256], *ep; | |
215 | +TEXT *p, temp [MAXPATHLEN], *ep; | |
216 | TEXT *modname; | |
217 | ||
218 | /* Strip off any preceeding $INTERBASE path location from the | |
219 | --- firebird-1.0.2.908/jrd/event.c.orig 2002-06-21 20:56:55.000000000 +0200 | |
220 | +++ firebird-1.0.2.908/jrd/event.c 2003-10-29 20:57:01.379178496 +0100 | |
221 | @@ -258,7 +258,7 @@ | |
222 | * exits, otherwise return NULL. | |
223 | * | |
224 | **************************************/ | |
225 | -TEXT *event_file, buffer [256]; | |
226 | +TEXT *event_file, buffer [MAXPATHLEN]; | |
227 | ||
228 | /* If we're already initialized, there's nothing to do */ | |
229 | ||
230 | --- firebird-1.0.2.908/jrd/isc.c.orig 2002-06-21 20:56:55.000000000 +0200 | |
231 | +++ firebird-1.0.2.908/jrd/isc.c 2003-10-29 21:00:27.988769064 +0100 | |
232 | @@ -520,7 +520,7 @@ | |
233 | { | |
234 | IB_FILE *fd; | |
235 | TEXT *p, *q, buf[80]; | |
236 | - TEXT buffer [256]; | |
237 | + TEXT buffer [MAXPATHLEN]; | |
238 | #ifdef SUPERSERVER | |
239 | int n; | |
240 | TEXT dir_name[MAX_PATH_LENGTH]; | |
241 | @@ -724,7 +724,7 @@ | |
242 | IB_FILE *fd = NULL; | |
243 | IPCCFG h; | |
244 | struct cfgtbl *t; | |
245 | -TEXT buffer [256]; | |
246 | +TEXT buffer [MAXPATHLEN]; | |
247 | int ret = 1; | |
248 | ||
249 | if (config_file) | |
250 | --- firebird-1.0.2.908/jrd/isc_cray.c.orig 2000-08-03 22:50:47.000000000 +0200 | |
251 | +++ firebird-1.0.2.908/jrd/isc_cray.c 2003-10-29 21:01:52.928856208 +0100 | |
252 | @@ -654,7 +654,7 @@ | |
253 | **************************************/ | |
254 | SLONG msg [3]; | |
255 | int status, pipes [2]; | |
256 | -TEXT process [64], arg [10]; | |
257 | +TEXT process [MAXPATHLEN], arg [10]; | |
258 | ||
259 | status = kill (pid, signal_number); | |
260 | ||
261 | --- firebird-1.0.2.908/jrd/isc_ipc.c.orig 2002-06-21 20:56:55.000000000 +0200 | |
262 | +++ firebird-1.0.2.908/jrd/isc_ipc.c 2003-10-29 21:02:12.890821528 +0100 | |
263 | @@ -773,7 +773,7 @@ | |
264 | **************************************/ | |
265 | SLONG msg [3]; | |
266 | int status, pipes [2]; | |
267 | -TEXT process [64], arg [10]; | |
268 | +TEXT process [MAXPATHLEN], arg [10]; | |
269 | ||
270 | #ifdef NeXT | |
271 | /* If not a UNIX signal, send to port watcher */ | |
272 | --- firebird-1.0.2.908/jrd/log.c.orig 2000-08-03 22:50:56.000000000 +0200 | |
273 | +++ firebird-1.0.2.908/jrd/log.c 2003-10-29 21:03:49.526130728 +0100 | |
274 | @@ -632,7 +632,7 @@ | |
275 | DBB dbb; | |
276 | LOG log; | |
277 | #ifndef STACK_REDUCTION | |
278 | -SCHAR *log_name, buffer [256]; | |
279 | +SCHAR *log_name, buffer [MAXPATHLEN]; | |
280 | #else | |
281 | SCHAR *log_name, *buffer; | |
282 | #endif /* !STACK_REDUCTION */ | |
283 | @@ -640,7 +640,7 @@ | |
284 | int mask; | |
285 | ||
286 | #ifdef STACK_REDUCTION | |
287 | -buffer = (SCHAR *)gds__alloc ((SLONG)BUFFER_MEDIUM); | |
288 | +buffer = (SCHAR *)gds__alloc ((SLONG)((BUFFER_MEDIUM > MAXPATHLEN) ? BUFFER_MEDIUM : MAXPATHLEN)); | |
289 | if(!buffer) /* NOMEM: */ | |
290 | { | |
291 | error ("can't open log file (out of memory)"); | |
292 | --- firebird-1.0.2.908/jrd/svc.c.orig 2002-10-07 12:49:25.000000000 +0200 | |
293 | +++ firebird-1.0.2.908/jrd/svc.c 2003-10-29 21:07:08.137937144 +0100 | |
294 | @@ -149,7 +149,7 @@ | |
295 | *status++ = (STATUS) ERR_string(svc,strlen(svc)); \ | |
296 | *status++ = isc_arg_end; } | |
297 | ||
298 | -#define ERR_FILE_IN_USE { TEXT buffer[256]; \ | |
299 | +#define ERR_FILE_IN_USE { TEXT buffer[MAXPATHLEN]; \ | |
300 | gds__prefix (buffer, LOCK_HEADER); \ | |
301 | *status++ = isc_file_in_use; \ | |
302 | *status++ = isc_arg_string; \ | |
303 | @@ -849,7 +849,7 @@ | |
304 | * | |
305 | **************************************/ | |
306 | SCHAR item, *items, *end_items, *end; | |
307 | -UCHAR buffer [256], dbbuf [1024]; | |
308 | +UCHAR buffer [MAXPATHLEN /* >=256 */], dbbuf [1024]; | |
309 | USHORT l, length, version, get_flags; | |
310 | STATUS *status; | |
311 | #ifndef WINDOWS_ONLY | |
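Review bot: The `/* >=256 */` comment in the declaration of `buffer` records an assumption about MAXPATHLEN that nothing enforces. If the rest of the function (outside the hunk) still relies on 256 bytes being available, a platform with a smaller MAXPATHLEN silently shrinks the buffer. A compile-time guard near the top of the file makes the assumption checkable: `#if MAXPATHLEN < 256`, `#error "MAXPATHLEN must be at least 256"`, `#endif`. The same applies to the next svc.c hunk and to `target [MAXPATHLEN /* >=128 */]` in porting/qli/help.c.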
312 | @@ -1361,7 +1361,7 @@ | |
313 | * | |
314 | **************************************/ | |
315 | SCHAR item, *items, *end_items, *end, *p, *q; | |
316 | -UCHAR buffer [256]; | |
317 | +UCHAR buffer [MAXPATHLEN /* >=256 */]; | |
318 | USHORT l, length, version, get_flags; | |
319 | USHORT num_att = 0; | |
320 | USHORT num_dbs = 0; | |
321 | --- firebird-1.0.2.908/gpre/ftn.c.orig 2002-06-21 20:56:55.000000000 +0200 | |
322 | +++ firebird-1.0.2.908/gpre/ftn.c 2003-10-29 21:01:14.106758064 +0100 | |
323 | @@ -1551,7 +1551,7 @@ | |
324 | TPB tpb; | |
325 | REQ request; | |
326 | BOOLEAN any_extern; | |
327 | -TEXT include_buffer[512]; | |
328 | +TEXT include_buffer[MAXPATHLEN]; | |
329 | ||
330 | #ifndef mpexl | |
331 | ISC_prefix (include_buffer, INCLUDE_FTN_FILE); | |
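Review bot: Replacing the fixed `include_buffer[512]` with `include_buffer[MAXPATHLEN]` makes the buffer smaller rather than larger wherever MAXPATHLEN is below 512, and the hunk does not show whether anything beyond the prefixed path is written to it. The concern is stronger for `buff[MAXPATHLEN + 10]` in firebird/bellardo/darwin/installpath.c, which replaces 2048 bytes on a platform where MAXPATHLEN is commonly 1024. Keeping the larger of the two sizes avoids a regression, e.g. `TEXT include_buffer[(MAXPATHLEN > 512) ? MAXPATHLEN : 512];`, as the jrd/log.c hunk already does for its allocation.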
332 | --- firebird-1.0.2.908/intl/dtest.c.orig 2000-08-03 22:49:04.000000000 +0200 | |
333 | +++ firebird-1.0.2.908/intl/dtest.c 2003-10-29 20:55:40.683446112 +0100 | |
334 | @@ -124,7 +124,7 @@ | |
335 | #ifdef LIKE_JRD | |
336 | { | |
337 | char module[ 200 ]; | |
338 | - char path[ 200 ]; | |
339 | + char path[ MAXPATHLEN ]; | |
340 | char entry[ 200 ]; | |
341 | int t_type; | |
342 | t_type = atoi( vector[ i ] ); | |
343 | --- firebird-1.0.2.908/csv/csi.c.orig 2000-08-03 22:43:03.000000000 +0200 | |
344 | +++ firebird-1.0.2.908/csv/csi.c 2003-10-29 20:53:28.947473024 +0100 | |
345 | @@ -3733,7 +3733,7 @@ | |
346 | * | |
347 | **************************************/ | |
348 | UCHAR output [128], error [128], *p, *q, process_name [16], | |
349 | - pipe_temp [256], pipe_file [256]; | |
350 | + pipe_temp [MAXPATHLEN], pipe_file [256]; | |
351 | USHORT i, len; | |
352 | ULONG status, pid, flags, item; | |
353 | SLONG *privileges, procpriv [2], priority; | |
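Review bot: `pipe_temp` grows to MAXPATHLEN while `pipe_file` in the same declaration stays at 256 bytes. If `pipe_file` is later filled from `pipe_temp` or from the same prefixed path (the function body is outside the hunk), the overflow just moves to the smaller buffer. Unless the body shows `pipe_file` is bounded independently, size both the same way: `pipe_temp [MAXPATHLEN], pipe_file [MAXPATHLEN];`.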
354 | --- firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c.orig 2001-02-04 05:06:13.000000000 +0100 | |
355 | +++ firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c 2003-10-29 20:55:01.392419256 +0100 | |
356 | @@ -7,7 +7,7 @@ | |
357 | ||
358 | int main() | |
359 | { | |
360 | - char buff[2048]; | |
361 | + char buff[MAXPATHLEN + 10]; | |
362 | int offset; | |
363 | ||
364 | #ifdef VAR_PATH | |
365 | --- firebird-1.0.2.908/porting/qli/help.c.orig 2003-01-04 14:08:01.000000000 +0100 | |
366 | +++ firebird-1.0.2.908/porting/qli/help.c 2003-10-29 20:51:01.799842864 +0100 | |
367 | @@ -201,7 +201,7 @@ | |
368 | **************************************/ | |
369 | NAM *ptr, *end, name; | |
370 | USHORT max_level; | |
371 | -TEXT target [128], **topic, *topics [16]; | |
372 | +TEXT target [MAXPATHLEN /* >=128 */], **topic, *topics [16]; | |
373 | ||
374 | if (!HELP_DB) | |
375 | { |