- new
[packages/Firebird.git] / Firebird-env-overflows.patch
1 --- firebird-1.5.0.4290/src/lock/lock.cpp.orig  2003-11-25 07:37:57.000000000 +0100
2 +++ firebird-1.5.0.4290/src/lock/lock.cpp       2004-05-29 16:46:45.238245656 +0200
3 @@ -2027,7 +2027,7 @@
4                 /* The lock file has some problem - copy it for later analysis */
5                 {
6                         TEXT *lock_file;
7 -                       TEXT buffer[2 * MAXPATHLEN];
8 +                       TEXT buffer[2 * MAXPATHLEN + 256];
9                         TEXT buffer2[2 * MAXPATHLEN];
10                         TEXT hostname[64];
11                         gds__prefix_lock(buffer, LOCK_FILE);
12 --- firebird-1.5.0.4290/src/jrd/gds.cpp.orig    2004-02-06 05:56:28.000000000 +0100
13 +++ firebird-1.5.0.4290/src/jrd/gds.cpp 2004-05-29 17:54:46.802753536 +0200
14 @@ -1573,7 +1573,10 @@
15                         ib_prefix = ib_prefix_val;
16                 }
17         }
18 -       strcat(resultString, ib_prefix);
19 +       /* beware of no length check after getenv() */
20 +       if(strlen(ib_prefix) >= MAXPATHLEN)
21 +               resultString[MAXPATHLEN - 1] = 0;
22 +       strncat(resultString, ib_prefix, MAXPATHLEN - 1);
23         safe_concat_path(resultString, file);
24  }
25  #endif /* !defined(VMS) */
26 @@ -1662,11 +1665,14 @@
27  #endif
28                 }
29                 else {
30 -                       strcat(ib_prefix_lock_val, ib_prefix_lock);
31 +                       ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
32 +                       strncpy(ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1);
33                         ib_prefix_lock = ib_prefix_lock_val;
34                 }
35         }
36 -       strcat(string, ib_prefix_lock);
37 +       if(strlen(ib_prefix_lock) >= MAXPATHLEN)
38 +               string[MAXPATHLEN - 1] = 0;
39 +       strncat(string, ib_prefix_lock, MAXPATHLEN - 1);
40         safe_concat_path(string, root);
41  }
42  #endif
43 @@ -1746,11 +1752,14 @@
44                         gds__prefix(ib_prefix_msg, "");
45                 }
46                 else {
47 -                       strcat(ib_prefix_msg_val, ib_prefix_msg);
48 +                       ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
49 +                       strncpy(ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1);
50                         ib_prefix_msg = ib_prefix_msg_val;
51                 }
52         }
53 -       strcat(string, ib_prefix_msg);
54 +       if(strlen(ib_prefix_msg) >= MAXPATHLEN)
55 +               string[MAXPATHLEN - 1] = 0;
56 +       strncat(string, ib_prefix_msg, MAXPATHLEN - 1);
57         safe_concat_path(string, root);
58  }
59  #endif
This page took 0.08611 seconds and 3 git commands to generate.