-Some fixes for overflows through "INTERBASE"* environment variables
-(CAN-2003-0281); not sure if it's complete - overflows may still exist
-in further usage of buffers initialized from env vars truncard to
-MAXPATHLEN...
-
---- firebird-1.0.2.908/wal/wal.c.orig 2000-08-03 22:54:30.000000000 +0200
-+++ firebird-1.0.2.908/wal/wal.c 2003-10-29 21:12:08.203320272 +0100
-@@ -1142,7 +1142,7 @@
- *
- **************************************/
- WALS WAL_segment;
--TEXT image_name [256];
-+TEXT image_name [MAXPATHLEN];
- int pid;
-
- gds__prefix (image_name, WAL_WRITER);
---- firebird-1.0.2.908/utilities/srvrmgr.c.orig 2003-10-29 21:13:23.238913128 +0100
-+++ firebird-1.0.2.908/utilities/srvrmgr.c 2003-10-29 21:13:11.768656872 +0100
-@@ -446,7 +446,7 @@
- *
- **************************************/
- TEXT msg [MSG_LEN];
--TEXT path[PATHLEN];
-+TEXT path[MAXPATHLEN];
- TEXT *argv[4];
- int retry;
- pid_t pid, ret_value;
-@@ -572,7 +572,7 @@
- *
- **************************************/
- STATUS status[STATUS_BUFLEN];
--TEXT path[PATHLEN];
-+TEXT path[MAXPATHLEN];
- TEXT db_name[128];
- isc_db_handle db_handle = 0L;
- BOOLEAN ok;
---- firebird-1.0.2.908/remote/inet.c.orig 2002-08-22 07:45:42.000000000 +0200
-+++ firebird-1.0.2.908/remote/inet.c 2003-10-29 21:10:52.813781224 +0100
-@@ -2373,7 +2373,7 @@
- *
- **************************************/
- IB_FILE *proxy;
--TEXT *p, proxy_file [64], source_user [64], source_host [MAXHOSTLEN],
-+TEXT *p, proxy_file [MAXPATHLEN], source_user [64], source_host [MAXHOSTLEN],
- target_user [64], line [128];
- int c;
- BOOLEAN result;
---- firebird-1.0.2.908/lock/lock.c.orig 2002-04-11 03:04:25.000000000 +0200
-+++ firebird-1.0.2.908/lock/lock.c 2003-10-29 21:09:57.632170104 +0100
-@@ -2239,8 +2239,8 @@
- /* The lock file has some problem - copy it for later analysis */
- {
- TEXT *lock_file;
-- TEXT buffer [256];
-- TEXT buffer2 [256];
-+ TEXT buffer [MAXPATHLEN*2 + 256];
-+ TEXT buffer2 [MAXPATHLEN + 256];
- TEXT hostname [64];
- gds__prefix_lock (buffer, LOCK_FILE);
- lock_file = buffer;
-@@ -3007,7 +3007,7 @@
- * Fork lock manager process.
- *
- **************************************/
--TEXT string [256];
-+TEXT string [MAXPATHLEN];
- struct stat stat_buf;
- int pid;
-
-@@ -3280,7 +3280,7 @@
- #ifdef WINDOWS_ONLY
- TEXT *buffer = (TEXT*) gds__alloc ((SLONG) BUFFER_MEDIUM);
- #else
--TEXT buffer [256];
-+TEXT buffer [MAXPATHLEN];
- #endif
- #endif
-
---- firebird-1.0.2.908/jrd/gds.c.orig 2002-10-13 07:39:08.000000000 +0200
-+++ firebird-1.0.2.908/jrd/gds.c 2003-10-29 20:43:18.367295320 +0100
-@@ -2710,8 +2710,9 @@
-
- ib_prefix = getenv("ProgramFiles");
- if (ib_prefix) {
-- strcpy(ib_prefix_val, ib_prefix);
-- strcat(ib_prefix_val, "\\Borland\\Interbase\\");
-+ ib_prefix_val[MAXPATHLEN - 1] = 0;
-+ strncpy(ib_prefix_val, ib_prefix, MAXPATHLEN - 1);
-+ strncat(ib_prefix_val, "\\Borland\\Interbase\\", MAXPATHLEN - 1 - strlen(ib_prefix));
- } else {
- /* ISC_PREFIX currently defaults to */
- /* "C:\Program Files\Borland\InterBase\" */
-@@ -2742,16 +2743,28 @@
- ib_prefix = ib_prefix_val;
- }
- }
-+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
-+/* note: strlen(string)==0 here */
- #ifdef mpexl
-- strcat (string, root);
-- strcat (string, ib_prefix);
-+ strncat (string, root, MAXPATHLEN - 1);
-+ if(strlen(root) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
-+ else {
-+ strncat (string, ib_prefix, MAXPATHLEN - 1 - strlen(root));
-+ if(strlen(root) + strlen(ib_prefix) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
-+ }
- #else /* mpexl */
-- strcat (string, ib_prefix);
-+ strncat (string, ib_prefix, MAXPATHLEN - 1);
-+ if (strlen(ib_prefix) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
- #ifndef NETWARE_386
-- if (string [strlen (string) - 1] != '/')
-+ if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
- strcat (string, "/");
- #endif
-- strcat (string, root);
-+ if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
-+ strncat (string, root, MAXPATHLEN - 1 - strlen(string));
- #endif /* mpexl */
+--- firebird-1.5.0.4290/src/lock/lock.cpp.orig 2003-11-25 07:37:57.000000000 +0100
++++ firebird-1.5.0.4290/src/lock/lock.cpp 2004-05-29 16:46:45.238245656 +0200
+@@ -2027,7 +2027,7 @@
+ /* The lock file has some problem - copy it for later analysis */
+ {
+ TEXT *lock_file;
+- TEXT buffer[2 * MAXPATHLEN];
++ TEXT buffer[2 * MAXPATHLEN + 256];
+ TEXT buffer2[2 * MAXPATHLEN];
+ TEXT hostname[64];
+ gds__prefix_lock(buffer, LOCK_FILE);
+--- firebird-1.5.0.4290/src/jrd/gds.cpp.orig 2004-02-06 05:56:28.000000000 +0100
++++ firebird-1.5.0.4290/src/jrd/gds.cpp 2004-05-29 17:54:46.802753536 +0200
+@@ -1573,7 +1573,10 @@
+ ib_prefix = ib_prefix_val;
+ }
+ }
+- strcat(resultString, ib_prefix);
++ /* beware of no length check after getenv() */
++ if(strlen(ib_prefix) >= MAXPATHLEN)
++ resultString[MAXPATHLEN - 1] = 0;
++ strncat(resultString, ib_prefix, MAXPATHLEN - 1);
+ safe_concat_path(resultString, file);
}
- #endif /* !defined(VMS) */
-@@ -2838,20 +2851,33 @@
- }
- else
- {
-- strcat (ib_prefix_lock_val, ib_prefix_lock);
-+ ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
-+ strncat (ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1 - strlen(ib_prefix_lock_val));
- ib_prefix_lock = ib_prefix_lock_val;
- }
- }
-+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
-+/* note: strlen(string)==0 here */
- #ifdef mpexl
--strcat (string, root);
--strcat (string, ib_prefix_lock);
-+strncat (string, root, MAXPATHLEN - 1);
-+if(strlen(root) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
-+else {
-+ strncat (string, ib_prefix_lock, MAXPATHLEN - 1 - strlen(root));
-+ if(strlen(root) + strlen(ib_prefix_lock) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
-+}
- #else
--strcat (string, ib_prefix_lock);
-+strncat (string, ib_prefix_lock, MAXPATHLEN - 1);
-+if (strlen(ib_prefix) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
- #ifndef NETWARE_386
--if (string [strlen (string) - 1] != '/')
-+if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
- strcat (string, "/");
- #endif
--strcat (string, root);
-+if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
-+strncat (string, root, MAXPATHLEN - 1 - strlen(string));
- #endif
+ #endif /* !defined(VMS) */
+@@ -1662,11 +1665,14 @@
+ #endif
+ }
+ else {
+- strcat(ib_prefix_lock_val, ib_prefix_lock);
++ ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
++ strncpy(ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1);
+ ib_prefix_lock = ib_prefix_lock_val;
+ }
+ }
+- strcat(string, ib_prefix_lock);
++ if(strlen(ib_prefix_lock) >= MAXPATHLEN)
++ string[MAXPATHLEN - 1] = 0;
++ strncat(string, ib_prefix_lock, MAXPATHLEN - 1);
+ safe_concat_path(string, root);
}
#endif
-@@ -2939,21 +2965,34 @@
- }
- else
- {
-- strcat (ib_prefix_msg_val, ib_prefix_msg);
-+ ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
-+ strncat (ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1 - strlen(ib_prefix_msg_val));
- ib_prefix_msg = ib_prefix_msg_val;
- }
- }
-
-+/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
-+/* note: strlen(string)==0 here */
- #ifdef mpexl
--strcat (string, root);
--strcat (string, ib_prefix_msg);
-+strncat (string, root, MAXPATHLEN - 1);
-+if(strlen(root) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
-+else {
-+ strncat (string, ib_prefix_msg, MAXPATHLEN - 1 - strlen(root));
-+ if(strlen(root) + strlen(ib_prefix_msg) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
-+}
- #else
--strcat (string, ib_prefix_msg);
-+strncat (string, ib_prefix_msg, MAXPATHLEN - 1);
-+if (strlen(ib_prefix) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
- #ifndef NETWARE_386
--if (string [strlen (string) - 1] != '/')
-+if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
- strcat (string, "/");
- #endif
--strcat (string, root);
-+if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
-+ string[MAXPATHLEN - 1] = 0;
-+strncat (string, root, MAXPATHLEN - 1 - strlen(string));
- #endif
+@@ -1746,11 +1752,14 @@
+ gds__prefix(ib_prefix_msg, "");
+ }
+ else {
+- strcat(ib_prefix_msg_val, ib_prefix_msg);
++ ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
++ strncpy(ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1);
+ ib_prefix_msg = ib_prefix_msg_val;
+ }
+ }
+- strcat(string, ib_prefix_msg);
++ if(strlen(ib_prefix_msg) >= MAXPATHLEN)
++ string[MAXPATHLEN - 1] = 0;
++ strncat(string, ib_prefix_msg, MAXPATHLEN - 1);
+ safe_concat_path(string, root);
}
#endif
---- firebird-1.0.2.908/jrd/builtin.c.orig 2000-12-29 14:05:07.000000000 +0100
-+++ firebird-1.0.2.908/jrd/builtin.c 2003-10-29 20:56:16.270036128 +0100
-@@ -74,7 +74,7 @@
- *
- **************************************/
- FN *function;
--TEXT *p, temp [256], *ep;
-+TEXT *p, temp [MAXPATHLEN], *ep;
- TEXT *modname;
-
- /* Strip off any preceeding $INTERBASE path location from the
---- firebird-1.0.2.908/jrd/event.c.orig 2002-06-21 20:56:55.000000000 +0200
-+++ firebird-1.0.2.908/jrd/event.c 2003-10-29 20:57:01.379178496 +0100
-@@ -258,7 +258,7 @@
- * exits, otherwise return NULL.
- *
- **************************************/
--TEXT *event_file, buffer [256];
-+TEXT *event_file, buffer [MAXPATHLEN];
-
- /* If we're already initialized, there's nothing to do */
-
---- firebird-1.0.2.908/jrd/isc.c.orig 2002-06-21 20:56:55.000000000 +0200
-+++ firebird-1.0.2.908/jrd/isc.c 2003-10-29 21:00:27.988769064 +0100
-@@ -520,7 +520,7 @@
- {
- IB_FILE *fd;
- TEXT *p, *q, buf[80];
-- TEXT buffer [256];
-+ TEXT buffer [MAXPATHLEN];
- #ifdef SUPERSERVER
- int n;
- TEXT dir_name[MAX_PATH_LENGTH];
-@@ -724,7 +724,7 @@
- IB_FILE *fd = NULL;
- IPCCFG h;
- struct cfgtbl *t;
--TEXT buffer [256];
-+TEXT buffer [MAXPATHLEN];
- int ret = 1;
-
- if (config_file)
---- firebird-1.0.2.908/jrd/isc_cray.c.orig 2000-08-03 22:50:47.000000000 +0200
-+++ firebird-1.0.2.908/jrd/isc_cray.c 2003-10-29 21:01:52.928856208 +0100
-@@ -654,7 +654,7 @@
- **************************************/
- SLONG msg [3];
- int status, pipes [2];
--TEXT process [64], arg [10];
-+TEXT process [MAXPATHLEN], arg [10];
-
- status = kill (pid, signal_number);
-
---- firebird-1.0.2.908/jrd/isc_ipc.c.orig 2002-06-21 20:56:55.000000000 +0200
-+++ firebird-1.0.2.908/jrd/isc_ipc.c 2003-10-29 21:02:12.890821528 +0100
-@@ -773,7 +773,7 @@
- **************************************/
- SLONG msg [3];
- int status, pipes [2];
--TEXT process [64], arg [10];
-+TEXT process [MAXPATHLEN], arg [10];
-
- #ifdef NeXT
- /* If not a UNIX signal, send to port watcher */
---- firebird-1.0.2.908/jrd/log.c.orig 2000-08-03 22:50:56.000000000 +0200
-+++ firebird-1.0.2.908/jrd/log.c 2003-10-29 21:03:49.526130728 +0100
-@@ -632,7 +632,7 @@
- DBB dbb;
- LOG log;
- #ifndef STACK_REDUCTION
--SCHAR *log_name, buffer [256];
-+SCHAR *log_name, buffer [MAXPATHLEN];
- #else
- SCHAR *log_name, *buffer;
- #endif /* !STACK_REDUCTION */
-@@ -640,7 +640,7 @@
- int mask;
-
- #ifdef STACK_REDUCTION
--buffer = (SCHAR *)gds__alloc ((SLONG)BUFFER_MEDIUM);
-+buffer = (SCHAR *)gds__alloc ((SLONG)((BUFFER_MEDIUM > MAXPATHLEN) ? BUFFER_MEDIUM : MAXPATHLEN));
- if(!buffer) /* NOMEM: */
- {
- error ("can't open log file (out of memory)");
---- firebird-1.0.2.908/jrd/svc.c.orig 2002-10-07 12:49:25.000000000 +0200
-+++ firebird-1.0.2.908/jrd/svc.c 2003-10-29 21:07:08.137937144 +0100
-@@ -149,7 +149,7 @@
- *status++ = (STATUS) ERR_string(svc,strlen(svc)); \
- *status++ = isc_arg_end; }
-
--#define ERR_FILE_IN_USE { TEXT buffer[256]; \
-+#define ERR_FILE_IN_USE { TEXT buffer[MAXPATHLEN]; \
- gds__prefix (buffer, LOCK_HEADER); \
- *status++ = isc_file_in_use; \
- *status++ = isc_arg_string; \
-@@ -849,7 +849,7 @@
- *
- **************************************/
- SCHAR item, *items, *end_items, *end;
--UCHAR buffer [256], dbbuf [1024];
-+UCHAR buffer [MAXPATHLEN /* >=256 */], dbbuf [1024];
- USHORT l, length, version, get_flags;
- STATUS *status;
- #ifndef WINDOWS_ONLY
-@@ -1361,7 +1361,7 @@
- *
- **************************************/
- SCHAR item, *items, *end_items, *end, *p, *q;
--UCHAR buffer [256];
-+UCHAR buffer [MAXPATHLEN /* >=256 */];
- USHORT l, length, version, get_flags;
- USHORT num_att = 0;
- USHORT num_dbs = 0;
---- firebird-1.0.2.908/gpre/ftn.c.orig 2002-06-21 20:56:55.000000000 +0200
-+++ firebird-1.0.2.908/gpre/ftn.c 2003-10-29 21:01:14.106758064 +0100
-@@ -1551,7 +1551,7 @@
- TPB tpb;
- REQ request;
- BOOLEAN any_extern;
--TEXT include_buffer[512];
-+TEXT include_buffer[MAXPATHLEN];
-
- #ifndef mpexl
- ISC_prefix (include_buffer, INCLUDE_FTN_FILE);
---- firebird-1.0.2.908/intl/dtest.c.orig 2000-08-03 22:49:04.000000000 +0200
-+++ firebird-1.0.2.908/intl/dtest.c 2003-10-29 20:55:40.683446112 +0100
-@@ -124,7 +124,7 @@
- #ifdef LIKE_JRD
- {
- char module[ 200 ];
-- char path[ 200 ];
-+ char path[ MAXPATHLEN ];
- char entry[ 200 ];
- int t_type;
- t_type = atoi( vector[ i ] );
---- firebird-1.0.2.908/csv/csi.c.orig 2000-08-03 22:43:03.000000000 +0200
-+++ firebird-1.0.2.908/csv/csi.c 2003-10-29 20:53:28.947473024 +0100
-@@ -3733,7 +3733,7 @@
- *
- **************************************/
- UCHAR output [128], error [128], *p, *q, process_name [16],
-- pipe_temp [256], pipe_file [256];
-+ pipe_temp [MAXPATHLEN], pipe_file [256];
- USHORT i, len;
- ULONG status, pid, flags, item;
- SLONG *privileges, procpriv [2], priority;
---- firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c.orig 2001-02-04 05:06:13.000000000 +0100
-+++ firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c 2003-10-29 20:55:01.392419256 +0100
-@@ -7,7 +7,7 @@
-
- int main()
- {
-- char buff[2048];
-+ char buff[MAXPATHLEN + 10];
- int offset;
-
- #ifdef VAR_PATH
---- firebird-1.0.2.908/porting/qli/help.c.orig 2003-01-04 14:08:01.000000000 +0100
-+++ firebird-1.0.2.908/porting/qli/help.c 2003-10-29 20:51:01.799842864 +0100
-@@ -201,7 +201,7 @@
- **************************************/
- NAM *ptr, *end, name;
- USHORT max_level;
--TEXT target [128], **topic, *topics [16];
-+TEXT target [MAXPATHLEN /* >=128 */], **topic, *topics [16];
-
- if (!HELP_DB)
- {
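Review bot: In the rewritten gds.cpp hunks, `strncat(resultString, ib_prefix, MAXPATHLEN - 1)` (and the same pattern appending `ib_prefix_lock` and `ib_prefix_msg` to `string`) bounds the append by a constant rather than by the space left, so it is safe only if the destination is empty and at least MAXPATHLEN bytes; the 1.0.2 version stated that assumption in a comment, which the new version drops. The preceding `if(strlen(...) >= MAXPATHLEN) ...[MAXPATHLEN - 1] = 0;` adds nothing, because strncat always writes its own terminator. I would write `size_t used = strlen(resultString);` followed by `if (used < MAXPATHLEN - 1) strncat(resultString, ib_prefix, MAXPATHLEN - 1 - used);`, and consider failing instead of silently truncating an environment-supplied prefix, since a truncated prefix resolves to a different path. The new patch also loses the header that tied it to CAN-2003-0281 and warned that the fix may be incomplete; a short header saying which overflows are covered would help. The enclosing functions and the buffer declarations are outside the hunks, so the destination sizes are inferred here.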