1 Some fixes for overflows through "INTERBASE"* environment variables
2 (CAN-2003-0281); not sure if it's complete - overflows may still exist
3 in further usage of buffers initialized from env vars truncated to
6 --- firebird-1.0.2.908/wal/wal.c.orig 2000-08-03 22:54:30.000000000 +0200
7 +++ firebird-1.0.2.908/wal/wal.c 2003-10-29 21:12:08.203320272 +0100
10 **************************************/
12 -TEXT image_name [256];
13 +TEXT image_name [MAXPATHLEN];
16 gds__prefix (image_name, WAL_WRITER);
17 --- firebird-1.0.2.908/utilities/srvrmgr.c.orig 2003-10-29 21:13:23.238913128 +0100
18 +++ firebird-1.0.2.908/utilities/srvrmgr.c 2003-10-29 21:13:11.768656872 +0100
21 **************************************/
24 +TEXT path[MAXPATHLEN];
30 **************************************/
31 STATUS status[STATUS_BUFLEN];
33 +TEXT path[MAXPATHLEN];
35 isc_db_handle db_handle = 0L;
37 --- firebird-1.0.2.908/remote/inet.c.orig 2002-08-22 07:45:42.000000000 +0200
38 +++ firebird-1.0.2.908/remote/inet.c 2003-10-29 21:10:52.813781224 +0100
41 **************************************/
43 -TEXT *p, proxy_file [64], source_user [64], source_host [MAXHOSTLEN],
44 +TEXT *p, proxy_file [MAXPATHLEN], source_user [64], source_host [MAXHOSTLEN],
45 target_user [64], line [128];
48 --- firebird-1.0.2.908/lock/lock.c.orig 2002-04-11 03:04:25.000000000 +0200
49 +++ firebird-1.0.2.908/lock/lock.c 2003-10-29 21:09:57.632170104 +0100
51 /* The lock file has some problem - copy it for later analysis */
56 + TEXT buffer [MAXPATHLEN*2 + 256];
57 + TEXT buffer2 [MAXPATHLEN + 256];
59 gds__prefix_lock (buffer, LOCK_FILE);
62 * Fork lock manager process.
64 **************************************/
66 +TEXT string [MAXPATHLEN];
72 TEXT *buffer = (TEXT*) gds__alloc ((SLONG) BUFFER_MEDIUM);
75 +TEXT buffer [MAXPATHLEN];
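Review bot: The heap-allocated variant on the context line `TEXT *buffer = (TEXT*) gds__alloc ((SLONG) BUFFER_MEDIUM);` appears to keep its old size while the stack variant next to it becomes `TEXT buffer [MAXPATHLEN];`. If BUFFER_MEDIUM is smaller than MAXPATHLEN, that build configuration still has the short buffer for the prefixed path. The log.c part of this patch handles the same situation with `(BUFFER_MEDIUM > MAXPATHLEN) ? BUFFER_MEDIUM : MAXPATHLEN`, and the same expression would fit here. The surrounding preprocessor conditionals are not visible in this view, so confirm which branch each declaration belongs to.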
79 --- firebird-1.0.2.908/jrd/gds.c.orig 2002-10-13 07:39:08.000000000 +0200
80 +++ firebird-1.0.2.908/jrd/gds.c 2003-10-29 20:43:18.367295320 +0100
83 ib_prefix = getenv("ProgramFiles");
85 - strcpy(ib_prefix_val, ib_prefix);
86 - strcat(ib_prefix_val, "\\Borland\\Interbase\\");
87 + ib_prefix_val[MAXPATHLEN - 1] = 0;
88 + strncpy(ib_prefix_val, ib_prefix, MAXPATHLEN - 1);
89 + strncat(ib_prefix_val, "\\Borland\\Interbase\\", MAXPATHLEN - 1 - strlen(ib_prefix));
91 /* ISC_PREFIX currently defaults to */
92 /* "C:\Program Files\Borland\InterBase\" */
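Review bot: The length argument `MAXPATHLEN - 1 - strlen(ib_prefix)` is computed in unsigned arithmetic, so when the environment value is longer than `MAXPATHLEN - 1` it wraps to a very large count and the `strncat` appends the whole suffix past the end of `ib_prefix_val`, which the preceding `strncpy` has already filled. Measuring the destination instead of the source avoids this: `strncat(ib_prefix_val, "\\Borland\\Interbase\\", MAXPATHLEN - 1 - strlen(ib_prefix_val));`. The same wrap applies to `MAXPATHLEN - 1 - strlen(root)` in the three later gds.c hunks (the appends of `ib_prefix`, `ib_prefix_lock` and `ib_prefix_msg` after `root`), where `MAXPATHLEN - 1 - strlen(string)` would be the safe form, as the last `strncat` of each of those hunks already uses. The declaration of `ib_prefix_val` and any NULL check on the `getenv` result are outside the visible lines.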
93 @@ -2742,16 +2743,28 @@
94 ib_prefix = ib_prefix_val;
97 +/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
98 +/* note: strlen(string)==0 here */
100 - strcat (string, root);
101 - strcat (string, ib_prefix);
102 + strncat (string, root, MAXPATHLEN - 1);
103 + if(strlen(root) >= MAXPATHLEN - 1)
104 + string[MAXPATHLEN - 1] = 0;
106 + strncat (string, ib_prefix, MAXPATHLEN - 1 - strlen(root));
107 + if(strlen(root) + strlen(ib_prefix) >= MAXPATHLEN - 1)
108 + string[MAXPATHLEN - 1] = 0;
111 - strcat (string, ib_prefix);
112 + strncat (string, ib_prefix, MAXPATHLEN - 1);
113 + if (strlen(ib_prefix) >= MAXPATHLEN - 1)
114 + string[MAXPATHLEN - 1] = 0;
116 - if (string [strlen (string) - 1] != '/')
117 + if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
118 strcat (string, "/");
120 - strcat (string, root);
121 + if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
122 + string[MAXPATHLEN - 1] = 0;
123 + strncat (string, root, MAXPATHLEN - 1 - strlen(string));
126 #endif /* !defined(VMS) */
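Review bot: Every bound in this hunk is MAXPATHLEN, yet the added comment says the caller's `string` cannot be assumed to be that large, so a caller with a smaller buffer is still overrun and `string[MAXPATHLEN - 1] = 0` itself lands outside it. The function takes no size argument, so the requirement should at least be stated as a contract in the header comment, e.g. `/* string must point to at least MAXPATHLEN bytes */`, and the remaining callers audited against it; the patch description already notes the fix may be incomplete. Separately, `string [strlen (string) - 1]` indexes before the buffer when `string` is empty, which seems reachable if the environment variable is set to an empty value; a guard such as `strlen(string) > 0 &&` in that condition would cover it. The function's opening and the branch structure around these lines are not visible here.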
127 @@ -2838,20 +2851,33 @@
131 - strcat (ib_prefix_lock_val, ib_prefix_lock);
132 + ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
133 + strncat (ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1 - strlen(ib_prefix_lock_val));
134 ib_prefix_lock = ib_prefix_lock_val;
137 +/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
138 +/* note: strlen(string)==0 here */
140 -strcat (string, root);
141 -strcat (string, ib_prefix_lock);
142 +strncat (string, root, MAXPATHLEN - 1);
143 +if(strlen(root) >= MAXPATHLEN - 1)
144 + string[MAXPATHLEN - 1] = 0;
146 + strncat (string, ib_prefix_lock, MAXPATHLEN - 1 - strlen(root));
147 + if(strlen(root) + strlen(ib_prefix_lock) >= MAXPATHLEN - 1)
148 + string[MAXPATHLEN - 1] = 0;
151 -strcat (string, ib_prefix_lock);
152 +strncat (string, ib_prefix_lock, MAXPATHLEN - 1);
153 +if (strlen(ib_prefix) >= MAXPATHLEN - 1)
154 + string[MAXPATHLEN - 1] = 0;
156 -if (string [strlen (string) - 1] != '/')
157 +if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
158 strcat (string, "/");
160 -strcat (string, root);
161 +if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
162 + string[MAXPATHLEN - 1] = 0;
163 +strncat (string, root, MAXPATHLEN - 1 - strlen(string));
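Review bot: The check `if (strlen(ib_prefix) >= MAXPATHLEN - 1)` tests `ib_prefix`, but the string appended on the line before it is `ib_prefix_lock`; the following hunk repeats the same line after appending `ib_prefix_msg`. It looks carried over from the gds__prefix hunk. If `ib_prefix` has not been set when this function runs (not visible here), `strlen` is handed a null pointer. Because `strncat` always writes a terminator, the check can simply be dropped, or corrected to `if (strlen(ib_prefix_lock) >= MAXPATHLEN - 1)` and `if (strlen(ib_prefix_msg) >= MAXPATHLEN - 1)` respectively.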
167 @@ -2939,21 +2965,34 @@
171 - strcat (ib_prefix_msg_val, ib_prefix_msg);
172 + ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
173 + strncat (ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1 - strlen(ib_prefix_msg_val));
174 ib_prefix_msg = ib_prefix_msg_val;
178 +/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
179 +/* note: strlen(string)==0 here */
181 -strcat (string, root);
182 -strcat (string, ib_prefix_msg);
183 +strncat (string, root, MAXPATHLEN - 1);
184 +if(strlen(root) >= MAXPATHLEN - 1)
185 + string[MAXPATHLEN - 1] = 0;
187 + strncat (string, ib_prefix_msg, MAXPATHLEN - 1 - strlen(root));
188 + if(strlen(root) + strlen(ib_prefix_msg) >= MAXPATHLEN - 1)
189 + string[MAXPATHLEN - 1] = 0;
192 -strcat (string, ib_prefix_msg);
193 +strncat (string, ib_prefix_msg, MAXPATHLEN - 1);
194 +if (strlen(ib_prefix) >= MAXPATHLEN - 1)
195 + string[MAXPATHLEN - 1] = 0;
197 -if (string [strlen (string) - 1] != '/')
198 +if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
199 strcat (string, "/");
201 -strcat (string, root);
202 +if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
203 + string[MAXPATHLEN - 1] = 0;
204 +strncat (string, root, MAXPATHLEN - 1 - strlen(string));
208 --- firebird-1.0.2.908/jrd/builtin.c.orig 2000-12-29 14:05:07.000000000 +0100
209 +++ firebird-1.0.2.908/jrd/builtin.c 2003-10-29 20:56:16.270036128 +0100
212 **************************************/
214 -TEXT *p, temp [256], *ep;
215 +TEXT *p, temp [MAXPATHLEN], *ep;
218 /* Strip off any preceeding $INTERBASE path location from the
219 --- firebird-1.0.2.908/jrd/event.c.orig 2002-06-21 20:56:55.000000000 +0200
220 +++ firebird-1.0.2.908/jrd/event.c 2003-10-29 20:57:01.379178496 +0100
222 * exits, otherwise return NULL.
224 **************************************/
225 -TEXT *event_file, buffer [256];
226 +TEXT *event_file, buffer [MAXPATHLEN];
228 /* If we're already initialized, there's nothing to do */
230 --- firebird-1.0.2.908/jrd/isc.c.orig 2002-06-21 20:56:55.000000000 +0200
231 +++ firebird-1.0.2.908/jrd/isc.c 2003-10-29 21:00:27.988769064 +0100
235 TEXT *p, *q, buf[80];
237 + TEXT buffer [MAXPATHLEN];
240 TEXT dir_name[MAX_PATH_LENGTH];
246 +TEXT buffer [MAXPATHLEN];
250 --- firebird-1.0.2.908/jrd/isc_cray.c.orig 2000-08-03 22:50:47.000000000 +0200
251 +++ firebird-1.0.2.908/jrd/isc_cray.c 2003-10-29 21:01:52.928856208 +0100
253 **************************************/
255 int status, pipes [2];
256 -TEXT process [64], arg [10];
257 +TEXT process [MAXPATHLEN], arg [10];
259 status = kill (pid, signal_number);
261 --- firebird-1.0.2.908/jrd/isc_ipc.c.orig 2002-06-21 20:56:55.000000000 +0200
262 +++ firebird-1.0.2.908/jrd/isc_ipc.c 2003-10-29 21:02:12.890821528 +0100
264 **************************************/
266 int status, pipes [2];
267 -TEXT process [64], arg [10];
268 +TEXT process [MAXPATHLEN], arg [10];
271 /* If not a UNIX signal, send to port watcher */
272 --- firebird-1.0.2.908/jrd/log.c.orig 2000-08-03 22:50:56.000000000 +0200
273 +++ firebird-1.0.2.908/jrd/log.c 2003-10-29 21:03:49.526130728 +0100
277 #ifndef STACK_REDUCTION
278 -SCHAR *log_name, buffer [256];
279 +SCHAR *log_name, buffer [MAXPATHLEN];
281 SCHAR *log_name, *buffer;
282 #endif /* !STACK_REDUCTION */
286 #ifdef STACK_REDUCTION
287 -buffer = (SCHAR *)gds__alloc ((SLONG)BUFFER_MEDIUM);
288 +buffer = (SCHAR *)gds__alloc ((SLONG)((BUFFER_MEDIUM > MAXPATHLEN) ? BUFFER_MEDIUM : MAXPATHLEN));
289 if(!buffer) /* NOMEM: */
291 error ("can't open log file (out of memory)");
292 --- firebird-1.0.2.908/jrd/svc.c.orig 2002-10-07 12:49:25.000000000 +0200
293 +++ firebird-1.0.2.908/jrd/svc.c 2003-10-29 21:07:08.137937144 +0100
295 *status++ = (STATUS) ERR_string(svc,strlen(svc)); \
296 *status++ = isc_arg_end; }
298 -#define ERR_FILE_IN_USE { TEXT buffer[256]; \
299 +#define ERR_FILE_IN_USE { TEXT buffer[MAXPATHLEN]; \
300 gds__prefix (buffer, LOCK_HEADER); \
301 *status++ = isc_file_in_use; \
302 *status++ = isc_arg_string; \
305 **************************************/
306 SCHAR item, *items, *end_items, *end;
307 -UCHAR buffer [256], dbbuf [1024];
308 +UCHAR buffer [MAXPATHLEN /* >=256 */], dbbuf [1024];
309 USHORT l, length, version, get_flags;
312 @@ -1361,7 +1361,7 @@
314 **************************************/
315 SCHAR item, *items, *end_items, *end, *p, *q;
317 +UCHAR buffer [MAXPATHLEN /* >=256 */];
318 USHORT l, length, version, get_flags;
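Review bot: The inline comment in `UCHAR buffer [MAXPATHLEN /* >=256 */];` states an assumption that nothing enforces, and the same buffer presumably still serves the code that relied on the old 256-byte size. On a platform where MAXPATHLEN is smaller, these declarations would shrink the buffer without any warning. A compile-time guard near the includes, `#if MAXPATHLEN < 256` followed by `#error`, or the conditional-maximum form used in the log.c part of this patch, would make the assumption checkable. The same applies to both `buffer` declarations in svc.c and to `target [MAXPATHLEN /* >=128 */]` in porting/qli/help.c; the functions containing them extend beyond the visible lines.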
321 --- firebird-1.0.2.908/gpre/ftn.c.orig 2002-06-21 20:56:55.000000000 +0200
322 +++ firebird-1.0.2.908/gpre/ftn.c 2003-10-29 21:01:14.106758064 +0100
323 @@ -1551,7 +1551,7 @@
327 -TEXT include_buffer[512];
328 +TEXT include_buffer[MAXPATHLEN];
331 ISC_prefix (include_buffer, INCLUDE_FTN_FILE);
332 --- firebird-1.0.2.908/intl/dtest.c.orig 2000-08-03 22:49:04.000000000 +0200
333 +++ firebird-1.0.2.908/intl/dtest.c 2003-10-29 20:55:40.683446112 +0100
339 + char path[ MAXPATHLEN ];
342 t_type = atoi( vector[ i ] );
343 --- firebird-1.0.2.908/csv/csi.c.orig 2000-08-03 22:43:03.000000000 +0200
344 +++ firebird-1.0.2.908/csv/csi.c 2003-10-29 20:53:28.947473024 +0100
345 @@ -3733,7 +3733,7 @@
347 **************************************/
348 UCHAR output [128], error [128], *p, *q, process_name [16],
349 - pipe_temp [256], pipe_file [256];
350 + pipe_temp [MAXPATHLEN], pipe_file [256];
352 ULONG status, pid, flags, item;
353 SLONG *privileges, procpriv [2], priority;
354 --- firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c.orig 2001-02-04 05:06:13.000000000 +0100
355 +++ firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c 2003-10-29 20:55:01.392419256 +0100
361 + char buff[MAXPATHLEN + 10];
365 --- firebird-1.0.2.908/porting/qli/help.c.orig 2003-01-04 14:08:01.000000000 +0100
366 +++ firebird-1.0.2.908/porting/qli/help.c 2003-10-29 20:51:01.799842864 +0100
368 **************************************/
369 NAM *ptr, *end, name;
371 -TEXT target [128], **topic, *topics [16];
372 +TEXT target [MAXPATHLEN /* >=128 */], **topic, *topics [16];