- more, but incomplete

[packages/Firebird.git] / Firebird-env-overflows.patch

Some fixes for overflows through "INTERBASE"* environment variables
(CAN-2003-0281); not sure if it's complete - overflows may still exist
in further usage of buffers initialized from env vars truncard to
MAXPATHLEN...

--- firebird-1.0.2.908/wal/wal.c.orig   2000-08-03 22:54:30.000000000 +0200
+++ firebird-1.0.2.908/wal/wal.c        2003-10-29 21:12:08.203320272 +0100
@@ -1142,7 +1142,7 @@
  *
  **************************************/               
 WALS   WAL_segment;
-TEXT   image_name [256];
+TEXT   image_name [MAXPATHLEN];
 int    pid;
 
 gds__prefix (image_name, WAL_WRITER);  
--- firebird-1.0.2.908/utilities/srvrmgr.c.orig 2003-10-29 21:13:23.238913128 +0100
+++ firebird-1.0.2.908/utilities/srvrmgr.c      2003-10-29 21:13:11.768656872 +0100
@@ -446,7 +446,7 @@
  *
  **************************************/
 TEXT    msg [MSG_LEN];
-TEXT    path[PATHLEN];
+TEXT    path[MAXPATHLEN];
 TEXT   *argv[4];
 int    retry;
 pid_t  pid, ret_value;
@@ -572,7 +572,7 @@
  *
  **************************************/
 STATUS         status[STATUS_BUFLEN];
-TEXT           path[PATHLEN];
+TEXT           path[MAXPATHLEN];
 TEXT           db_name[128];
 isc_db_handle  db_handle = 0L;
 BOOLEAN                ok;
--- firebird-1.0.2.908/remote/inet.c.orig       2002-08-22 07:45:42.000000000 +0200
+++ firebird-1.0.2.908/remote/inet.c    2003-10-29 21:10:52.813781224 +0100
@@ -2373,7 +2373,7 @@
  *
  **************************************/
 IB_FILE        *proxy;
-TEXT   *p, proxy_file [64], source_user [64], source_host [MAXHOSTLEN],
+TEXT   *p, proxy_file [MAXPATHLEN], source_user [64], source_host [MAXHOSTLEN],
        target_user [64], line [128];
 int    c;
 BOOLEAN        result;
--- firebird-1.0.2.908/lock/lock.c.orig 2002-04-11 03:04:25.000000000 +0200
+++ firebird-1.0.2.908/lock/lock.c      2003-10-29 21:09:57.632170104 +0100
@@ -2239,8 +2239,8 @@
     /* The lock file has some problem - copy it for later analysis */
     {
     TEXT       *lock_file;
-    TEXT       buffer [256];   
-    TEXT       buffer2 [256];  
+    TEXT       buffer [MAXPATHLEN*2 + 256];
+    TEXT       buffer2 [MAXPATHLEN + 256];
     TEXT       hostname [64];
     gds__prefix_lock (buffer, LOCK_FILE);
     lock_file = buffer;
@@ -3007,7 +3007,7 @@
  *     Fork lock manager process.
  *
  **************************************/
-TEXT           string [256];
+TEXT           string [MAXPATHLEN];
 struct stat    stat_buf;
 int            pid;
 
@@ -3280,7 +3280,7 @@
 #ifdef WINDOWS_ONLY
 TEXT           *buffer = (TEXT*) gds__alloc ((SLONG) BUFFER_MEDIUM);
 #else
-TEXT           buffer [256];
+TEXT           buffer [MAXPATHLEN];
 #endif
 #endif
 
--- firebird-1.0.2.908/jrd/gds.c.orig   2002-10-13 07:39:08.000000000 +0200
+++ firebird-1.0.2.908/jrd/gds.c        2003-10-29 20:43:18.367295320 +0100
@@ -2710,8 +2710,9 @@
 
                                ib_prefix = getenv("ProgramFiles");
                                if (ib_prefix) {
-                                       strcpy(ib_prefix_val, ib_prefix);
-                                       strcat(ib_prefix_val, "\\Borland\\Interbase\\");
+                                       ib_prefix_val[MAXPATHLEN - 1] = 0;
+                                       strncpy(ib_prefix_val, ib_prefix, MAXPATHLEN - 1);
+                                       strncat(ib_prefix_val, "\\Borland\\Interbase\\", MAXPATHLEN - 1 - strlen(ib_prefix));
                                } else {
                                        /* ISC_PREFIX currently defaults to      */
                                        /* "C:\Program Files\Borland\InterBase\" */
@@ -2742,16 +2743,28 @@
             ib_prefix = ib_prefix_val;
         }
     }
+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
+/* note: strlen(string)==0 here */
 #ifdef mpexl
-    strcat (string, root);
-    strcat (string, ib_prefix);
+    strncat (string, root, MAXPATHLEN - 1);
+    if(strlen(root) >= MAXPATHLEN - 1)
+       string[MAXPATHLEN - 1] = 0;
+    else {
+       strncat (string, ib_prefix, MAXPATHLEN - 1 - strlen(root));
+       if(strlen(root) + strlen(ib_prefix) >= MAXPATHLEN - 1)
+           string[MAXPATHLEN - 1] = 0;
+    }
 #else  /* mpexl */
-    strcat (string, ib_prefix);
+    strncat (string, ib_prefix, MAXPATHLEN - 1);
+    if (strlen(ib_prefix) >= MAXPATHLEN - 1)
+       string[MAXPATHLEN - 1] = 0;
 #ifndef NETWARE_386
-    if (string [strlen (string) - 1] != '/')
+    if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
         strcat (string, "/");
 #endif
-    strcat (string, root);
+    if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
+       string[MAXPATHLEN - 1] = 0;
+    strncat (string, root, MAXPATHLEN - 1 - strlen(string));
 #endif /* mpexl */
 }
 #endif /* !defined(VMS) */
@@ -2838,20 +2851,33 @@
         }
     else
         {
-        strcat (ib_prefix_lock_val, ib_prefix_lock); 
+       ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
+        strncat (ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1 - strlen(ib_prefix_lock_val));
         ib_prefix_lock = ib_prefix_lock_val;
         }
     }
+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
+/* note: strlen(string)==0 here */
 #ifdef mpexl
-strcat (string, root);
-strcat (string, ib_prefix_lock);
+strncat (string, root, MAXPATHLEN - 1);
+if(strlen(root) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
+else {
+    strncat (string, ib_prefix_lock, MAXPATHLEN - 1 - strlen(root));
+    if(strlen(root) + strlen(ib_prefix_lock) >= MAXPATHLEN - 1)
+       string[MAXPATHLEN - 1] = 0;
+}
 #else
-strcat (string, ib_prefix_lock);
+strncat (string, ib_prefix_lock, MAXPATHLEN - 1);
+if (strlen(ib_prefix) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
 #ifndef NETWARE_386
-if (string [strlen (string) - 1] != '/')
+if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
     strcat (string, "/");
 #endif
-strcat (string, root);
+if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
+strncat (string, root, MAXPATHLEN - 1 - strlen(string));
 #endif
 }
 #endif
@@ -2939,21 +2965,34 @@
         }
     else
         {
-        strcat (ib_prefix_msg_val, ib_prefix_msg); 
+       ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
+        strncat (ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1 - strlen(ib_prefix_msg_val)); 
         ib_prefix_msg = ib_prefix_msg_val;
         }
     }
 
+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
+/* note: strlen(string)==0 here */
 #ifdef mpexl
-strcat (string, root);
-strcat (string, ib_prefix_msg);
+strncat (string, root, MAXPATHLEN - 1);
+if(strlen(root) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
+else {
+    strncat (string, ib_prefix_msg, MAXPATHLEN - 1 - strlen(root));
+    if(strlen(root) + strlen(ib_prefix_msg) >= MAXPATHLEN - 1)
+       string[MAXPATHLEN - 1] = 0;
+}
 #else
-strcat (string, ib_prefix_msg);
+strncat (string, ib_prefix_msg, MAXPATHLEN - 1);
+if (strlen(ib_prefix) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
 #ifndef NETWARE_386
-if (string [strlen (string) - 1] != '/')
+if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
     strcat (string, "/");
 #endif
-strcat (string, root);
+if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
+    string[MAXPATHLEN - 1] = 0;
+strncat (string, root, MAXPATHLEN - 1 - strlen(string));
 #endif
 }
 #endif
--- firebird-1.0.2.908/jrd/builtin.c.orig       2000-12-29 14:05:07.000000000 +0100
+++ firebird-1.0.2.908/jrd/builtin.c    2003-10-29 20:56:16.270036128 +0100
@@ -74,7 +74,7 @@
  *
  **************************************/
 FN     *function;
-TEXT   *p, temp [256], *ep;
+TEXT   *p, temp [MAXPATHLEN], *ep;
 TEXT   *modname;
 
 /* Strip off any preceeding $INTERBASE path location from the 
--- firebird-1.0.2.908/jrd/event.c.orig 2002-06-21 20:56:55.000000000 +0200
+++ firebird-1.0.2.908/jrd/event.c      2003-10-29 20:57:01.379178496 +0100
@@ -258,7 +258,7 @@
  *     exits, otherwise return NULL.
  *
  **************************************/
-TEXT   *event_file, buffer [256];
+TEXT   *event_file, buffer [MAXPATHLEN];
 
 /* If we're already initialized, there's nothing to do */
 
--- firebird-1.0.2.908/jrd/isc.c.orig   2002-06-21 20:56:55.000000000 +0200
+++ firebird-1.0.2.908/jrd/isc.c        2003-10-29 21:00:27.988769064 +0100
@@ -520,7 +520,7 @@
     {
     IB_FILE        *fd;
     TEXT        *p, *q, buf[80];
-    TEXT        buffer [256];
+    TEXT        buffer [MAXPATHLEN];
 #ifdef SUPERSERVER
     int         n;
     TEXT        dir_name[MAX_PATH_LENGTH];
@@ -724,7 +724,7 @@
 IB_FILE        *fd = NULL;
 IPCCFG h;
 struct cfgtbl *t;
-TEXT   buffer [256];
+TEXT   buffer [MAXPATHLEN];
 int    ret = 1;
 
 if (config_file)
--- firebird-1.0.2.908/jrd/isc_cray.c.orig      2000-08-03 22:50:47.000000000 +0200
+++ firebird-1.0.2.908/jrd/isc_cray.c   2003-10-29 21:01:52.928856208 +0100
@@ -654,7 +654,7 @@
  **************************************/
 SLONG  msg [3];
 int    status, pipes [2];
-TEXT   process [64], arg [10];
+TEXT   process [MAXPATHLEN], arg [10];
 
 status = kill (pid, signal_number);
 
--- firebird-1.0.2.908/jrd/isc_ipc.c.orig       2002-06-21 20:56:55.000000000 +0200
+++ firebird-1.0.2.908/jrd/isc_ipc.c    2003-10-29 21:02:12.890821528 +0100
@@ -773,7 +773,7 @@
  **************************************/
 SLONG  msg [3];
 int    status, pipes [2];
-TEXT   process [64], arg [10];
+TEXT   process [MAXPATHLEN], arg [10];
 
 #ifdef NeXT
 /* If not a UNIX signal, send to port watcher */
--- firebird-1.0.2.908/jrd/log.c.orig   2000-08-03 22:50:56.000000000 +0200
+++ firebird-1.0.2.908/jrd/log.c        2003-10-29 21:03:49.526130728 +0100
@@ -632,7 +632,7 @@
 DBB    dbb;
 LOG    log;
 #ifndef STACK_REDUCTION
-SCHAR  *log_name, buffer [256];
+SCHAR  *log_name, buffer [MAXPATHLEN];
 #else
 SCHAR  *log_name, *buffer;
 #endif /* !STACK_REDUCTION */
@@ -640,7 +640,7 @@
 int    mask;
 
 #ifdef STACK_REDUCTION
-buffer = (SCHAR *)gds__alloc ((SLONG)BUFFER_MEDIUM);
+buffer = (SCHAR *)gds__alloc ((SLONG)((BUFFER_MEDIUM > MAXPATHLEN) ? BUFFER_MEDIUM : MAXPATHLEN));
 if(!buffer) /* NOMEM: */
   {
   error ("can't open log file (out of memory)");
--- firebird-1.0.2.908/jrd/svc.c.orig   2002-10-07 12:49:25.000000000 +0200
+++ firebird-1.0.2.908/jrd/svc.c        2003-10-29 21:07:08.137937144 +0100
@@ -149,7 +149,7 @@
                                 *status++ = (STATUS) ERR_string(svc,strlen(svc)); \
                                 *status++ = isc_arg_end; }
 
-#define ERR_FILE_IN_USE                { TEXT buffer[256]; \
+#define ERR_FILE_IN_USE                { TEXT buffer[MAXPATHLEN]; \
                                  gds__prefix (buffer, LOCK_HEADER); \
                                  *status++ = isc_file_in_use; \
                                  *status++ = isc_arg_string; \
@@ -849,7 +849,7 @@
  *
  **************************************/
 SCHAR  item, *items, *end_items, *end; 
-UCHAR  buffer [256], dbbuf [1024];
+UCHAR  buffer [MAXPATHLEN /* >=256 */], dbbuf [1024];
 USHORT l, length, version, get_flags;
 STATUS *status;
 #ifndef WINDOWS_ONLY
@@ -1361,7 +1361,7 @@
  *
  **************************************/
 SCHAR  item, *items, *end_items, *end, *p, *q; 
-UCHAR  buffer [256];
+UCHAR  buffer [MAXPATHLEN /* >=256 */];
 USHORT l, length, version, get_flags;
 USHORT  num_att = 0;
 USHORT  num_dbs = 0;
--- firebird-1.0.2.908/gpre/ftn.c.orig  2002-06-21 20:56:55.000000000 +0200
+++ firebird-1.0.2.908/gpre/ftn.c       2003-10-29 21:01:14.106758064 +0100
@@ -1551,7 +1551,7 @@
 TPB            tpb;
 REQ            request;
 BOOLEAN                any_extern;
-TEXT           include_buffer[512];
+TEXT           include_buffer[MAXPATHLEN];
 
 #ifndef mpexl
 ISC_prefix (include_buffer, INCLUDE_FTN_FILE);
--- firebird-1.0.2.908/intl/dtest.c.orig        2000-08-03 22:49:04.000000000 +0200
+++ firebird-1.0.2.908/intl/dtest.c     2003-10-29 20:55:40.683446112 +0100
@@ -124,7 +124,7 @@
 #ifdef LIKE_JRD
        {
        char    module[ 200 ];
-       char    path[ 200 ];
+       char    path[ MAXPATHLEN ];
        char    entry[ 200 ];
        int     t_type;
        t_type = atoi( vector[ i ] );
--- firebird-1.0.2.908/csv/csi.c.orig   2000-08-03 22:43:03.000000000 +0200
+++ firebird-1.0.2.908/csv/csi.c        2003-10-29 20:53:28.947473024 +0100
@@ -3733,7 +3733,7 @@
  *
  **************************************/
 UCHAR          output [128], error [128], *p, *q, process_name [16],
-               pipe_temp [256], pipe_file [256];
+               pipe_temp [MAXPATHLEN], pipe_file [256];
 USHORT         i, len;
 ULONG          status, pid, flags, item;
 SLONG          *privileges, procpriv [2], priority;
--- firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c.orig      2001-02-04 05:06:13.000000000 +0100
+++ firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c   2003-10-29 20:55:01.392419256 +0100
@@ -7,7 +7,7 @@
 
 int main()
 {
-    char buff[2048];
+    char buff[MAXPATHLEN + 10];
     int offset;
 
 #ifdef VAR_PATH
--- firebird-1.0.2.908/porting/qli/help.c.orig  2003-01-04 14:08:01.000000000 +0100
+++ firebird-1.0.2.908/porting/qli/help.c       2003-10-29 20:51:01.799842864 +0100
@@ -201,7 +201,7 @@
  **************************************/
 NAM    *ptr, *end, name;
 USHORT max_level;
-TEXT   target [128], **topic, *topics [16];
+TEXT   target [MAXPATHLEN /* >=128 */], **topic, *topics [16];
 
 if (!HELP_DB)
     {