[packages/Firebird.git] / Firebird-env-overflows.patch

Some fixes for overflows through "INTERBASE"* environment variables
(CAN-2003-0281); not sure if it's complete - overflows may still exist
in further usage of buffers initialized from env vars truncard to
MAXPATHLEN...

--- firebird-1.0.2.908/wal/wal.c.orig	2000-08-03 22:54:30.000000000 +0200
+++ firebird-1.0.2.908/wal/wal.c	2003-10-29 21:12:08.203320272 +0100
@@ -1142,7 +1142,7 @@
  *
  **************************************/		
 WALS	WAL_segment;
-TEXT	image_name [256];
+TEXT	image_name [MAXPATHLEN];
 int	pid;
 
 gds__prefix (image_name, WAL_WRITER);  
--- firebird-1.0.2.908/utilities/srvrmgr.c.orig	2003-10-29 21:13:23.238913128 +0100
+++ firebird-1.0.2.908/utilities/srvrmgr.c	2003-10-29 21:13:11.768656872 +0100
@@ -446,7 +446,7 @@
  *
  **************************************/
 TEXT    msg [MSG_LEN];
-TEXT    path[PATHLEN];
+TEXT    path[MAXPATHLEN];
 TEXT	*argv[4];
 int	retry;
 pid_t	pid, ret_value;
@@ -572,7 +572,7 @@
  *
  **************************************/
 STATUS		status[STATUS_BUFLEN];
-TEXT		path[PATHLEN];
+TEXT		path[MAXPATHLEN];
 TEXT		db_name[128];
 isc_db_handle	db_handle = 0L;
 BOOLEAN		ok;
--- firebird-1.0.2.908/remote/inet.c.orig	2002-08-22 07:45:42.000000000 +0200
+++ firebird-1.0.2.908/remote/inet.c	2003-10-29 21:10:52.813781224 +0100
@@ -2373,7 +2373,7 @@
  *
  **************************************/
 IB_FILE	*proxy;
-TEXT	*p, proxy_file [64], source_user [64], source_host [MAXHOSTLEN],
+TEXT	*p, proxy_file [MAXPATHLEN], source_user [64], source_host [MAXHOSTLEN],
 	target_user [64], line [128];
 int	c;
 BOOLEAN	result;
--- firebird-1.0.2.908/lock/lock.c.orig	2002-04-11 03:04:25.000000000 +0200
+++ firebird-1.0.2.908/lock/lock.c	2003-10-29 21:09:57.632170104 +0100
@@ -2239,8 +2239,8 @@
     /* The lock file has some problem - copy it for later analysis */
     {
     TEXT	*lock_file;
-    TEXT	buffer [256];	
-    TEXT	buffer2 [256];	
+    TEXT	buffer [MAXPATHLEN*2 + 256];
+    TEXT	buffer2 [MAXPATHLEN + 256];
     TEXT	hostname [64];
     gds__prefix_lock (buffer, LOCK_FILE);
     lock_file = buffer;
@@ -3007,7 +3007,7 @@
  *	Fork lock manager process.
  *
  **************************************/
-TEXT		string [256];
+TEXT		string [MAXPATHLEN];
 struct stat	stat_buf;
 int		pid;
 
@@ -3280,7 +3280,7 @@
 #ifdef WINDOWS_ONLY
 TEXT		*buffer = (TEXT*) gds__alloc ((SLONG) BUFFER_MEDIUM);
 #else
-TEXT		buffer [256];
+TEXT		buffer [MAXPATHLEN];
 #endif
 #endif
 
--- firebird-1.0.2.908/jrd/gds.c.orig	2002-10-13 07:39:08.000000000 +0200
+++ firebird-1.0.2.908/jrd/gds.c	2003-10-29 20:43:18.367295320 +0100
@@ -2710,8 +2710,9 @@
 
 				ib_prefix = getenv("ProgramFiles");
 				if (ib_prefix) {
-					strcpy(ib_prefix_val, ib_prefix);
-					strcat(ib_prefix_val, "\\Borland\\Interbase\\");
+					ib_prefix_val[MAXPATHLEN - 1] = 0;
+					strncpy(ib_prefix_val, ib_prefix, MAXPATHLEN - 1);
+					strncat(ib_prefix_val, "\\Borland\\Interbase\\", MAXPATHLEN - 1 - strlen(ib_prefix));
 				} else {
 					/* ISC_PREFIX currently defaults to      */
 					/* "C:\Program Files\Borland\InterBase\" */
@@ -2742,16 +2743,28 @@
             ib_prefix = ib_prefix_val;
         }
     }
+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
+/* note: strlen(string)==0 here */
 #ifdef mpexl
-    strcat (string, root);
-    strcat (string, ib_prefix);
+    strncat (string, root, MAXPATHLEN - 1);
+    if(strlen(root) >= MAXPATHLEN - 1)
+	string[MAXPATHLEN - 1] = 0;
+    else {
+	strncat (string, ib_prefix, MAXPATHLEN - 1 - strlen(root));
+	if(strlen(root) + strlen(ib_prefix) >= MAXPATHLEN - 1)
+	    string[MAXPATHLEN - 1] = 0;
+    }
 #else	/* mpexl */
-    strcat (string, ib_prefix);
+    strncat (string, ib_prefix, MAXPATHLEN - 1);
+    if (strlen(ib_prefix) >= MAXPATHLEN - 1)
+	string[MAXPATHLEN - 1] = 0;
 #ifndef NETWARE_386
-    if (string [strlen (string) - 1] != '/')
+    if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
         strcat (string, "/");
 #endif
-    strcat (string, root);
+    if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
+	string[MAXPATHLEN - 1] = 0;
+    strncat (string, root, MAXPATHLEN - 1 - strlen(string));
 #endif	/* mpexl */
 }
 #endif	/* !defined(VMS) */
@@ -2838,20 +2851,33 @@
         }
     else
         {
-        strcat (ib_prefix_lock_val, ib_prefix_lock); 
+	ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
+        strncat (ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1 - strlen(ib_prefix_lock_val));
         ib_prefix_lock = ib_prefix_lock_val;
         }
     }
+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
+/* note: strlen(string)==0 here */
 #ifdef mpexl
-strcat (string, root);
-strcat (string, ib_prefix_lock);
+strncat (string, root, MAXPATHLEN - 1);
+if(strlen(root) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
+else {
+    strncat (string, ib_prefix_lock, MAXPATHLEN - 1 - strlen(root));
+    if(strlen(root) + strlen(ib_prefix_lock) >= MAXPATHLEN - 1)
+	string[MAXPATHLEN - 1] = 0;
+}
 #else
-strcat (string, ib_prefix_lock);
+strncat (string, ib_prefix_lock, MAXPATHLEN - 1);
+if (strlen(ib_prefix) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
 #ifndef NETWARE_386
-if (string [strlen (string) - 1] != '/')
+if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
     strcat (string, "/");
 #endif
-strcat (string, root);
+if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
+strncat (string, root, MAXPATHLEN - 1 - strlen(string));
 #endif
 }
 #endif
@@ -2939,21 +2965,34 @@
         }
     else
         {
-        strcat (ib_prefix_msg_val, ib_prefix_msg); 
+	ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
+        strncat (ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1 - strlen(ib_prefix_msg_val)); 
         ib_prefix_msg = ib_prefix_msg_val;
         }
     }
 
+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
+/* note: strlen(string)==0 here */
 #ifdef mpexl
-strcat (string, root);
-strcat (string, ib_prefix_msg);
+strncat (string, root, MAXPATHLEN - 1);
+if(strlen(root) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
+else {
+    strncat (string, ib_prefix_msg, MAXPATHLEN - 1 - strlen(root));
+    if(strlen(root) + strlen(ib_prefix_msg) >= MAXPATHLEN - 1)
+	string[MAXPATHLEN - 1] = 0;
+}
 #else
-strcat (string, ib_prefix_msg);
+strncat (string, ib_prefix_msg, MAXPATHLEN - 1);
+if (strlen(ib_prefix) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
 #ifndef NETWARE_386
-if (string [strlen (string) - 1] != '/')
+if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
     strcat (string, "/");
 #endif
-strcat (string, root);
+if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
+strncat (string, root, MAXPATHLEN - 1 - strlen(string));
 #endif
 }
 #endif
--- firebird-1.0.2.908/jrd/builtin.c.orig	2000-12-29 14:05:07.000000000 +0100
+++ firebird-1.0.2.908/jrd/builtin.c	2003-10-29 20:56:16.270036128 +0100
@@ -74,7 +74,7 @@
  *
  **************************************/
 FN	*function;
-TEXT	*p, temp [256], *ep;
+TEXT	*p, temp [MAXPATHLEN], *ep;
 TEXT	*modname;
 
 /* Strip off any preceeding $INTERBASE path location from the 
--- firebird-1.0.2.908/jrd/event.c.orig	2002-06-21 20:56:55.000000000 +0200
+++ firebird-1.0.2.908/jrd/event.c	2003-10-29 20:57:01.379178496 +0100
@@ -258,7 +258,7 @@
  *	exits, otherwise return NULL.
  *
  **************************************/
-TEXT	*event_file, buffer [256];
+TEXT	*event_file, buffer [MAXPATHLEN];
 
 /* If we're already initialized, there's nothing to do */
 
--- firebird-1.0.2.908/jrd/isc.c.orig	2002-06-21 20:56:55.000000000 +0200
+++ firebird-1.0.2.908/jrd/isc.c	2003-10-29 21:00:27.988769064 +0100
@@ -520,7 +520,7 @@
     {
     IB_FILE        *fd;
     TEXT        *p, *q, buf[80];
-    TEXT        buffer [256];
+    TEXT        buffer [MAXPATHLEN];
 #ifdef SUPERSERVER
     int         n;
     TEXT        dir_name[MAX_PATH_LENGTH];
@@ -724,7 +724,7 @@
 IB_FILE	*fd = NULL;
 IPCCFG	h;
 struct	cfgtbl *t;
-TEXT	buffer [256];
+TEXT	buffer [MAXPATHLEN];
 int	ret = 1;
 
 if (config_file)
--- firebird-1.0.2.908/jrd/isc_cray.c.orig	2000-08-03 22:50:47.000000000 +0200
+++ firebird-1.0.2.908/jrd/isc_cray.c	2003-10-29 21:01:52.928856208 +0100
@@ -654,7 +654,7 @@
  **************************************/
 SLONG	msg [3];
 int	status, pipes [2];
-TEXT	process [64], arg [10];
+TEXT	process [MAXPATHLEN], arg [10];
 
 status = kill (pid, signal_number);
 
--- firebird-1.0.2.908/jrd/isc_ipc.c.orig	2002-06-21 20:56:55.000000000 +0200
+++ firebird-1.0.2.908/jrd/isc_ipc.c	2003-10-29 21:02:12.890821528 +0100
@@ -773,7 +773,7 @@
  **************************************/
 SLONG	msg [3];
 int	status, pipes [2];
-TEXT	process [64], arg [10];
+TEXT	process [MAXPATHLEN], arg [10];
 
 #ifdef NeXT
 /* If not a UNIX signal, send to port watcher */
--- firebird-1.0.2.908/jrd/log.c.orig	2000-08-03 22:50:56.000000000 +0200
+++ firebird-1.0.2.908/jrd/log.c	2003-10-29 21:03:49.526130728 +0100
@@ -632,7 +632,7 @@
 DBB	dbb;
 LOG	log;
 #ifndef STACK_REDUCTION
-SCHAR	*log_name, buffer [256];
+SCHAR	*log_name, buffer [MAXPATHLEN];
 #else
 SCHAR	*log_name, *buffer;
 #endif /* !STACK_REDUCTION */
@@ -640,7 +640,7 @@
 int	mask;
 
 #ifdef STACK_REDUCTION
-buffer = (SCHAR *)gds__alloc ((SLONG)BUFFER_MEDIUM);
+buffer = (SCHAR *)gds__alloc ((SLONG)((BUFFER_MEDIUM > MAXPATHLEN) ? BUFFER_MEDIUM : MAXPATHLEN));
 if(!buffer) /* NOMEM: */
   {
   error ("can't open log file (out of memory)");
--- firebird-1.0.2.908/jrd/svc.c.orig	2002-10-07 12:49:25.000000000 +0200
+++ firebird-1.0.2.908/jrd/svc.c	2003-10-29 21:07:08.137937144 +0100
@@ -149,7 +149,7 @@
 				 *status++ = (STATUS) ERR_string(svc,strlen(svc)); \
 				 *status++ = isc_arg_end; }
 
-#define ERR_FILE_IN_USE		{ TEXT buffer[256]; \
+#define ERR_FILE_IN_USE		{ TEXT buffer[MAXPATHLEN]; \
 		                  gds__prefix (buffer, LOCK_HEADER); \
  		                  *status++ = isc_file_in_use; \
 		                  *status++ = isc_arg_string; \
@@ -849,7 +849,7 @@
  *
  **************************************/
 SCHAR	item, *items, *end_items, *end; 
-UCHAR	buffer [256], dbbuf [1024];
+UCHAR	buffer [MAXPATHLEN /* >=256 */], dbbuf [1024];
 USHORT	l, length, version, get_flags;
 STATUS	*status;
 #ifndef WINDOWS_ONLY
@@ -1361,7 +1361,7 @@
  *
  **************************************/
 SCHAR	item, *items, *end_items, *end, *p, *q; 
-UCHAR	buffer [256];
+UCHAR	buffer [MAXPATHLEN /* >=256 */];
 USHORT	l, length, version, get_flags;
 USHORT  num_att = 0;
 USHORT  num_dbs = 0;
--- firebird-1.0.2.908/gpre/ftn.c.orig	2002-06-21 20:56:55.000000000 +0200
+++ firebird-1.0.2.908/gpre/ftn.c	2003-10-29 21:01:14.106758064 +0100
@@ -1551,7 +1551,7 @@
 TPB		tpb;
 REQ		request;
 BOOLEAN		any_extern;
-TEXT		include_buffer[512];
+TEXT		include_buffer[MAXPATHLEN];
 
 #ifndef mpexl
 ISC_prefix (include_buffer, INCLUDE_FTN_FILE);
--- firebird-1.0.2.908/intl/dtest.c.orig	2000-08-03 22:49:04.000000000 +0200
+++ firebird-1.0.2.908/intl/dtest.c	2003-10-29 20:55:40.683446112 +0100
@@ -124,7 +124,7 @@
 #ifdef LIKE_JRD
 	{
 	char	module[ 200 ];
-	char	path[ 200 ];
+	char	path[ MAXPATHLEN ];
 	char	entry[ 200 ];
 	int	t_type;
 	t_type = atoi( vector[ i ] );
--- firebird-1.0.2.908/csv/csi.c.orig	2000-08-03 22:43:03.000000000 +0200
+++ firebird-1.0.2.908/csv/csi.c	2003-10-29 20:53:28.947473024 +0100
@@ -3733,7 +3733,7 @@
  *
  **************************************/
 UCHAR		output [128], error [128], *p, *q, process_name [16],
-		pipe_temp [256], pipe_file [256];
+		pipe_temp [MAXPATHLEN], pipe_file [256];
 USHORT		i, len;
 ULONG		status, pid, flags, item;
 SLONG		*privileges, procpriv [2], priority;
--- firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c.orig	2001-02-04 05:06:13.000000000 +0100
+++ firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c	2003-10-29 20:55:01.392419256 +0100
@@ -7,7 +7,7 @@
 
 int main()
 {
-    char buff[2048];
+    char buff[MAXPATHLEN + 10];
     int offset;
 
 #ifdef VAR_PATH
--- firebird-1.0.2.908/porting/qli/help.c.orig	2003-01-04 14:08:01.000000000 +0100
+++ firebird-1.0.2.908/porting/qli/help.c	2003-10-29 20:51:01.799842864 +0100
@@ -201,7 +201,7 @@
  **************************************/
 NAM	*ptr, *end, name;
 USHORT	max_level;
-TEXT	target [128], **topic, *topics [16];
+TEXT	target [MAXPATHLEN /* >=128 */], **topic, *topics [16];
 
 if (!HELP_DB)
     {
Commit	Line	Data
ff19b114 JB	1	Some fixes for overflows through "INTERBASE"* environment variables
	2	(CAN-2003-0281); not sure if it's complete - overflows may still exist
	3	in further usage of buffers initialized from env vars truncard to
	4	MAXPATHLEN...
	5
	6	--- firebird-1.0.2.908/wal/wal.c.orig 2000-08-03 22:54:30.000000000 +0200
	7	+++ firebird-1.0.2.908/wal/wal.c 2003-10-29 21:12:08.203320272 +0100
	8	@@ -1142,7 +1142,7 @@
	9	*
	10	**************************************/
	11	WALS WAL_segment;
	12	-TEXT image_name [256];
	13	+TEXT image_name [MAXPATHLEN];
	14	int pid;
	15
	16	gds__prefix (image_name, WAL_WRITER);
	17	--- firebird-1.0.2.908/utilities/srvrmgr.c.orig 2003-10-29 21:13:23.238913128 +0100
	18	+++ firebird-1.0.2.908/utilities/srvrmgr.c 2003-10-29 21:13:11.768656872 +0100
	19	@@ -446,7 +446,7 @@
	20	*
	21	**************************************/
	22	TEXT msg [MSG_LEN];
	23	-TEXT path[PATHLEN];
	24	+TEXT path[MAXPATHLEN];
	25	TEXT *argv[4];
	26	int retry;
	27	pid_t pid, ret_value;
	28	@@ -572,7 +572,7 @@
	29	*
	30	**************************************/
	31	STATUS status[STATUS_BUFLEN];
	32	-TEXT path[PATHLEN];
	33	+TEXT path[MAXPATHLEN];
	34	TEXT db_name[128];
	35	isc_db_handle db_handle = 0L;
	36	BOOLEAN ok;
	37	--- firebird-1.0.2.908/remote/inet.c.orig 2002-08-22 07:45:42.000000000 +0200
	38	+++ firebird-1.0.2.908/remote/inet.c 2003-10-29 21:10:52.813781224 +0100
	39	@@ -2373,7 +2373,7 @@
	40	*
	41	**************************************/
	42	IB_FILE *proxy;
	43	-TEXT *p, proxy_file [64], source_user [64], source_host [MAXHOSTLEN],
	44	+TEXT *p, proxy_file [MAXPATHLEN], source_user [64], source_host [MAXHOSTLEN],
	45	target_user [64], line [128];
	46	int c;
	47	BOOLEAN result;
	48	--- firebird-1.0.2.908/lock/lock.c.orig 2002-04-11 03:04:25.000000000 +0200
	49	+++ firebird-1.0.2.908/lock/lock.c 2003-10-29 21:09:57.632170104 +0100
	50	@@ -2239,8 +2239,8 @@
	51	/* The lock file has some problem - copy it for later analysis */
	52	{
	53	TEXT *lock_file;
	54	- TEXT buffer [256];
	55	- TEXT buffer2 [256];
	56	+ TEXT buffer [MAXPATHLEN*2 + 256];
	57	+ TEXT buffer2 [MAXPATHLEN + 256];
	58	TEXT hostname [64];
	59	gds__prefix_lock (buffer, LOCK_FILE);
	60	lock_file = buffer;
	61	@@ -3007,7 +3007,7 @@
	62	* Fork lock manager process.
	63	*
	64	**************************************/
65	-TEXT string [256];
66	+TEXT string [MAXPATHLEN];
67	struct stat stat_buf;
68	int pid;
69
70	@@ -3280,7 +3280,7 @@
71	#ifdef WINDOWS_ONLY
72	TEXT buffer = (TEXT) gds__alloc ((SLONG) BUFFER_MEDIUM);
73	#else
74	-TEXT buffer [256];
75	+TEXT buffer [MAXPATHLEN];
76	#endif
77	#endif
78
79	--- firebird-1.0.2.908/jrd/gds.c.orig 2002-10-13 07:39:08.000000000 +0200
80	+++ firebird-1.0.2.908/jrd/gds.c 2003-10-29 20:43:18.367295320 +0100
81	@@ -2710,8 +2710,9 @@
82
83	ib_prefix = getenv("ProgramFiles");
84	if (ib_prefix) {
85	- strcpy(ib_prefix_val, ib_prefix);
86	- strcat(ib_prefix_val, "\\Borland\\Interbase\\");
87	+ ib_prefix_val[MAXPATHLEN - 1] = 0;
88	+ strncpy(ib_prefix_val, ib_prefix, MAXPATHLEN - 1);
89	+ strncat(ib_prefix_val, "\\Borland\\Interbase\\", MAXPATHLEN - 1 - strlen(ib_prefix));
90	} else {
91	/* ISC_PREFIX currently defaults to */
92	/* "C:\Program Files\Borland\InterBase\" */
93	@@ -2742,16 +2743,28 @@
94	ib_prefix = ib_prefix_val;
95	}
96	}
97	+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
98	+/* note: strlen(string)==0 here */
99	#ifdef mpexl
100	- strcat (string, root);
101	- strcat (string, ib_prefix);
102	+ strncat (string, root, MAXPATHLEN - 1);
103	+ if(strlen(root) >= MAXPATHLEN - 1)
104	+ string[MAXPATHLEN - 1] = 0;
105	+ else {
106	+ strncat (string, ib_prefix, MAXPATHLEN - 1 - strlen(root));
107	+ if(strlen(root) + strlen(ib_prefix) >= MAXPATHLEN - 1)
108	+ string[MAXPATHLEN - 1] = 0;
109	+ }
110	#else /* mpexl */
111	- strcat (string, ib_prefix);
112	+ strncat (string, ib_prefix, MAXPATHLEN - 1);
113	+ if (strlen(ib_prefix) >= MAXPATHLEN - 1)
114	+ string[MAXPATHLEN - 1] = 0;
115	#ifndef NETWARE_386
116	- if (string [strlen (string) - 1] != '/')
117	+ if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
118	strcat (string, "/");
119	#endif
120	- strcat (string, root);
121	+ if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
122	+ string[MAXPATHLEN - 1] = 0;
123	+ strncat (string, root, MAXPATHLEN - 1 - strlen(string));
124	#endif /* mpexl */
125	}
126	#endif /* !defined(VMS) */
127	@@ -2838,20 +2851,33 @@
128	}
129	else
130	{
131	- strcat (ib_prefix_lock_val, ib_prefix_lock);
132	+ ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
133	+ strncat (ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1 - strlen(ib_prefix_lock_val));
134	ib_prefix_lock = ib_prefix_lock_val;
135	}
136	}
137	+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
138	+/* note: strlen(string)==0 here */
139	#ifdef mpexl
140	-strcat (string, root);
141	-strcat (string, ib_prefix_lock);
142	+strncat (string, root, MAXPATHLEN - 1);
143	+if(strlen(root) >= MAXPATHLEN - 1)
144	+ string[MAXPATHLEN - 1] = 0;
145	+else {
146	+ strncat (string, ib_prefix_lock, MAXPATHLEN - 1 - strlen(root));
147	+ if(strlen(root) + strlen(ib_prefix_lock) >= MAXPATHLEN - 1)
148	+ string[MAXPATHLEN - 1] = 0;
149	+}
150	#else
151	-strcat (string, ib_prefix_lock);
152	+strncat (string, ib_prefix_lock, MAXPATHLEN - 1);
153	+if (strlen(ib_prefix) >= MAXPATHLEN - 1)
154	+ string[MAXPATHLEN - 1] = 0;
155	#ifndef NETWARE_386
156	-if (string [strlen (string) - 1] != '/')
157	+if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
158	strcat (string, "/");
159	#endif
160	-strcat (string, root);
161	+if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
162	+ string[MAXPATHLEN - 1] = 0;
163	+strncat (string, root, MAXPATHLEN - 1 - strlen(string));
164	#endif
165	}
166	#endif
167	@@ -2939,21 +2965,34 @@
168	}
169	else
170	{
171	- strcat (ib_prefix_msg_val, ib_prefix_msg);
172	+ ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
173	+ strncat (ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1 - strlen(ib_prefix_msg_val));
174	ib_prefix_msg = ib_prefix_msg_val;
175	}
176	}
177
178	+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
179	+/* note: strlen(string)==0 here */
180	#ifdef mpexl
181	-strcat (string, root);
182	-strcat (string, ib_prefix_msg);
183	+strncat (string, root, MAXPATHLEN - 1);
184	+if(strlen(root) >= MAXPATHLEN - 1)
185	+ string[MAXPATHLEN - 1] = 0;
186	+else {
187	+ strncat (string, ib_prefix_msg, MAXPATHLEN - 1 - strlen(root));
188	+ if(strlen(root) + strlen(ib_prefix_msg) >= MAXPATHLEN - 1)
189	+ string[MAXPATHLEN - 1] = 0;
190	+}
191	#else
192	-strcat (string, ib_prefix_msg);
193	+strncat (string, ib_prefix_msg, MAXPATHLEN - 1);
194	+if (strlen(ib_prefix) >= MAXPATHLEN - 1)
195	+ string[MAXPATHLEN - 1] = 0;
196	#ifndef NETWARE_386
197	-if (string [strlen (string) - 1] != '/')
198	+if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
199	strcat (string, "/");
200	#endif
201	-strcat (string, root);
202	+if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
203	+ string[MAXPATHLEN - 1] = 0;
204	+strncat (string, root, MAXPATHLEN - 1 - strlen(string));
205	#endif
206	}
207	#endif
208	--- firebird-1.0.2.908/jrd/builtin.c.orig 2000-12-29 14:05:07.000000000 +0100
209	+++ firebird-1.0.2.908/jrd/builtin.c 2003-10-29 20:56:16.270036128 +0100
210	@@ -74,7 +74,7 @@
211	*
212	**************************************/
213	FN *function;
214	-TEXT p, temp [256], ep;
215	+TEXT p, temp [MAXPATHLEN], ep;
216	TEXT *modname;
217
218	/* Strip off any preceeding $INTERBASE path location from the
219	--- firebird-1.0.2.908/jrd/event.c.orig 2002-06-21 20:56:55.000000000 +0200
220	+++ firebird-1.0.2.908/jrd/event.c 2003-10-29 20:57:01.379178496 +0100
221	@@ -258,7 +258,7 @@
222	* exits, otherwise return NULL.
223	*
224	**************************************/
225	-TEXT *event_file, buffer [256];
226	+TEXT *event_file, buffer [MAXPATHLEN];
227
228	/* If we're already initialized, there's nothing to do */
229
230	--- firebird-1.0.2.908/jrd/isc.c.orig 2002-06-21 20:56:55.000000000 +0200
231	+++ firebird-1.0.2.908/jrd/isc.c 2003-10-29 21:00:27.988769064 +0100
232	@@ -520,7 +520,7 @@
233	{
234	IB_FILE *fd;
235	TEXT p, q, buf[80];
236	- TEXT buffer [256];
237	+ TEXT buffer [MAXPATHLEN];
238	#ifdef SUPERSERVER
239	int n;
240	TEXT dir_name[MAX_PATH_LENGTH];
241	@@ -724,7 +724,7 @@
242	IB_FILE *fd = NULL;
243	IPCCFG h;
244	struct cfgtbl *t;
245	-TEXT buffer [256];
246	+TEXT buffer [MAXPATHLEN];
247	int ret = 1;
248
249	if (config_file)
250	--- firebird-1.0.2.908/jrd/isc_cray.c.orig 2000-08-03 22:50:47.000000000 +0200
251	+++ firebird-1.0.2.908/jrd/isc_cray.c 2003-10-29 21:01:52.928856208 +0100
252	@@ -654,7 +654,7 @@
253	**************************************/
254	SLONG msg [3];
255	int status, pipes [2];
256	-TEXT process [64], arg [10];
257	+TEXT process [MAXPATHLEN], arg [10];
258
259	status = kill (pid, signal_number);
260
261	--- firebird-1.0.2.908/jrd/isc_ipc.c.orig 2002-06-21 20:56:55.000000000 +0200
262	+++ firebird-1.0.2.908/jrd/isc_ipc.c 2003-10-29 21:02:12.890821528 +0100
263	@@ -773,7 +773,7 @@
264	**************************************/
265	SLONG msg [3];
266	int status, pipes [2];
267	-TEXT process [64], arg [10];
268	+TEXT process [MAXPATHLEN], arg [10];
269
270	#ifdef NeXT
271	/* If not a UNIX signal, send to port watcher */
272	--- firebird-1.0.2.908/jrd/log.c.orig 2000-08-03 22:50:56.000000000 +0200
273	+++ firebird-1.0.2.908/jrd/log.c 2003-10-29 21:03:49.526130728 +0100
274	@@ -632,7 +632,7 @@
275	DBB dbb;
276	LOG log;
277	#ifndef STACK_REDUCTION
278	-SCHAR *log_name, buffer [256];
279	+SCHAR *log_name, buffer [MAXPATHLEN];
280	#else
281	SCHAR log_name, buffer;
282	#endif /* !STACK_REDUCTION */
283	@@ -640,7 +640,7 @@
284	int mask;
285
286	#ifdef STACK_REDUCTION
287	-buffer = (SCHAR *)gds__alloc ((SLONG)BUFFER_MEDIUM);
288	+buffer = (SCHAR *)gds__alloc ((SLONG)((BUFFER_MEDIUM > MAXPATHLEN) ? BUFFER_MEDIUM : MAXPATHLEN));
289	if(!buffer) /* NOMEM: */
290	{
291	error ("can't open log file (out of memory)");
292	--- firebird-1.0.2.908/jrd/svc.c.orig 2002-10-07 12:49:25.000000000 +0200
293	+++ firebird-1.0.2.908/jrd/svc.c 2003-10-29 21:07:08.137937144 +0100
294	@@ -149,7 +149,7 @@
295	*status++ = (STATUS) ERR_string(svc,strlen(svc)); \
296	*status++ = isc_arg_end; }
297
298	-#define ERR_FILE_IN_USE { TEXT buffer[256]; \
299	+#define ERR_FILE_IN_USE { TEXT buffer[MAXPATHLEN]; \
300	gds__prefix (buffer, LOCK_HEADER); \
301	*status++ = isc_file_in_use; \
302	*status++ = isc_arg_string; \
303	@@ -849,7 +849,7 @@
304	*
305	**************************************/
306	SCHAR item, items, end_items, *end;
307	-UCHAR buffer [256], dbbuf [1024];
308	+UCHAR buffer [MAXPATHLEN /* >=256 */], dbbuf [1024];
309	USHORT l, length, version, get_flags;
310	STATUS *status;
311	#ifndef WINDOWS_ONLY
312	@@ -1361,7 +1361,7 @@
313	*
314	**************************************/
315	SCHAR item, items, end_items, end, p, *q;
316	-UCHAR buffer [256];
317	+UCHAR buffer [MAXPATHLEN /* >=256 */];
318	USHORT l, length, version, get_flags;
319	USHORT num_att = 0;
320	USHORT num_dbs = 0;
321	--- firebird-1.0.2.908/gpre/ftn.c.orig 2002-06-21 20:56:55.000000000 +0200
322	+++ firebird-1.0.2.908/gpre/ftn.c 2003-10-29 21:01:14.106758064 +0100
323	@@ -1551,7 +1551,7 @@
324	TPB tpb;
325	REQ request;
326	BOOLEAN any_extern;
327	-TEXT include_buffer[512];
328	+TEXT include_buffer[MAXPATHLEN];
329
330	#ifndef mpexl
331	ISC_prefix (include_buffer, INCLUDE_FTN_FILE);
332	--- firebird-1.0.2.908/intl/dtest.c.orig 2000-08-03 22:49:04.000000000 +0200
333	+++ firebird-1.0.2.908/intl/dtest.c 2003-10-29 20:55:40.683446112 +0100
334	@@ -124,7 +124,7 @@
335	#ifdef LIKE_JRD
336	{
337	char module[ 200 ];
338	- char path[ 200 ];
339	+ char path[ MAXPATHLEN ];
340	char entry[ 200 ];
341	int t_type;
342	t_type = atoi( vector[ i ] );
343	--- firebird-1.0.2.908/csv/csi.c.orig 2000-08-03 22:43:03.000000000 +0200
344	+++ firebird-1.0.2.908/csv/csi.c 2003-10-29 20:53:28.947473024 +0100
345	@@ -3733,7 +3733,7 @@
346	*
347	**************************************/
348	UCHAR output [128], error [128], p, q, process_name [16],
349	- pipe_temp [256], pipe_file [256];
350	+ pipe_temp [MAXPATHLEN], pipe_file [256];
351	USHORT i, len;
352	ULONG status, pid, flags, item;
353	SLONG *privileges, procpriv [2], priority;
354	--- firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c.orig 2001-02-04 05:06:13.000000000 +0100
355	+++ firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c 2003-10-29 20:55:01.392419256 +0100
356	@@ -7,7 +7,7 @@
357
358	int main()
359	{
360	- char buff[2048];
361	+ char buff[MAXPATHLEN + 10];
362	int offset;
363
364	#ifdef VAR_PATH
365	--- firebird-1.0.2.908/porting/qli/help.c.orig 2003-01-04 14:08:01.000000000 +0100
366	+++ firebird-1.0.2.908/porting/qli/help.c 2003-10-29 20:51:01.799842864 +0100
367	@@ -201,7 +201,7 @@
368	**************************************/
369	NAM ptr, end, name;
370	USHORT max_level;
371	-TEXT target [128], *topic, topics [16];
372	+TEXT target [MAXPATHLEN /* >=128 /], topic, topics [16];
373
374	if (!HELP_DB)
375	{