Firebird-env-overflows.patch

   1 --- firebird-1.5.0.4290/src/lock/lock.cpp.orig  2003-11-25 07:37:57.000000000 +0100
   2 +++ firebird-1.5.0.4290/src/lock/lock.cpp       2004-05-29 16:46:45.238245656 +0200
   3 @@ -2027,7 +2027,7 @@
   4                 /* The lock file has some problem - copy it for later analysis */
   5                 {
   6                         TEXT *lock_file;
   7 -                       TEXT buffer[2 * MAXPATHLEN];
   8 +                       TEXT buffer[2 * MAXPATHLEN + 256];
   9                         TEXT buffer2[2 * MAXPATHLEN];
  10                         TEXT hostname[64];
  11                         gds__prefix_lock(buffer, LOCK_FILE);
  12 --- firebird-1.5.0.4290/src/jrd/gds.cpp.orig    2004-02-06 05:56:28.000000000 +0100
  13 +++ firebird-1.5.0.4290/src/jrd/gds.cpp 2004-05-29 17:54:46.802753536 +0200
  14 @@ -1573,7 +1573,10 @@
  15                         ib_prefix = ib_prefix_val;
  16                 }
  17         }
  18 -       strcat(resultString, ib_prefix);
  19 +       /* beware of no length check after getenv() */
  20 +       if(strlen(ib_prefix) >= MAXPATHLEN)
  21 +               resultString[MAXPATHLEN - 1] = 0;
  22 +       strncat(resultString, ib_prefix, MAXPATHLEN - 1);
  23         safe_concat_path(resultString, file);
  24  }
  25  #endif /* !defined(VMS) */
  26 @@ -1662,11 +1665,14 @@
  27  #endif
  28                 }
  29                 else {
  30 -                       strcat(ib_prefix_lock_val, ib_prefix_lock);
  31 +                       ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
  32 +                       strncpy(ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1);
  33                         ib_prefix_lock = ib_prefix_lock_val;
  34                 }
  35         }
  36 -       strcat(string, ib_prefix_lock);
  37 +       if(strlen(ib_prefix_lock) >= MAXPATHLEN)
  38 +               string[MAXPATHLEN - 1] = 0;
  39 +       strncat(string, ib_prefix_lock, MAXPATHLEN - 1);
  40         safe_concat_path(string, root);
  41  }
  42  #endif
  43 @@ -1746,11 +1752,14 @@
  44                         gds__prefix(ib_prefix_msg, "");
  45                 }
  46                 else {
  47 -                       strcat(ib_prefix_msg_val, ib_prefix_msg);
  48 +                       ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
  49 +                       strncpy(ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1);
  50                         ib_prefix_msg = ib_prefix_msg_val;
  51                 }
  52         }
  53 -       strcat(string, ib_prefix_msg);
  54 +       if(strlen(ib_prefix_msg) >= MAXPATHLEN)
  55 +               string[MAXPATHLEN - 1] = 0;
  56 +       strncat(string, ib_prefix_msg, MAXPATHLEN - 1);
  57         safe_concat_path(string, root);
  58  }
  59  #endif