--- /dev/null
+Some fixes for overflows through "INTERBASE"* environment variables
+(CAN-2003-0281); not sure if it's complete - overflows may still exist
+in further usage of buffers initialized from env vars truncard to
+MAXPATHLEN...
+
+--- firebird-1.0.2.908/wal/wal.c.orig 2000-08-03 22:54:30.000000000 +0200
++++ firebird-1.0.2.908/wal/wal.c 2003-10-29 21:12:08.203320272 +0100
+@@ -1142,7 +1142,7 @@
+ *
+ **************************************/
+ WALS WAL_segment;
+-TEXT image_name [256];
++TEXT image_name [MAXPATHLEN];
+ int pid;
+
+ gds__prefix (image_name, WAL_WRITER);
+--- firebird-1.0.2.908/utilities/srvrmgr.c.orig 2003-10-29 21:13:23.238913128 +0100
++++ firebird-1.0.2.908/utilities/srvrmgr.c 2003-10-29 21:13:11.768656872 +0100
+@@ -446,7 +446,7 @@
+ *
+ **************************************/
+ TEXT msg [MSG_LEN];
+-TEXT path[PATHLEN];
++TEXT path[MAXPATHLEN];
+ TEXT *argv[4];
+ int retry;
+ pid_t pid, ret_value;
+@@ -572,7 +572,7 @@
+ *
+ **************************************/
+ STATUS status[STATUS_BUFLEN];
+-TEXT path[PATHLEN];
++TEXT path[MAXPATHLEN];
+ TEXT db_name[128];
+ isc_db_handle db_handle = 0L;
+ BOOLEAN ok;
+--- firebird-1.0.2.908/remote/inet.c.orig 2002-08-22 07:45:42.000000000 +0200
++++ firebird-1.0.2.908/remote/inet.c 2003-10-29 21:10:52.813781224 +0100
+@@ -2373,7 +2373,7 @@
+ *
+ **************************************/
+ IB_FILE *proxy;
+-TEXT *p, proxy_file [64], source_user [64], source_host [MAXHOSTLEN],
++TEXT *p, proxy_file [MAXPATHLEN], source_user [64], source_host [MAXHOSTLEN],
+ target_user [64], line [128];
+ int c;
+ BOOLEAN result;
+--- firebird-1.0.2.908/lock/lock.c.orig 2002-04-11 03:04:25.000000000 +0200
++++ firebird-1.0.2.908/lock/lock.c 2003-10-29 21:09:57.632170104 +0100
+@@ -2239,8 +2239,8 @@
+ /* The lock file has some problem - copy it for later analysis */
+ {
+ TEXT *lock_file;
+- TEXT buffer [256];
+- TEXT buffer2 [256];
++ TEXT buffer [MAXPATHLEN*2 + 256];
++ TEXT buffer2 [MAXPATHLEN + 256];
+ TEXT hostname [64];
+ gds__prefix_lock (buffer, LOCK_FILE);
+ lock_file = buffer;
+@@ -3007,7 +3007,7 @@
+ * Fork lock manager process.
+ *
+ **************************************/
+-TEXT string [256];
++TEXT string [MAXPATHLEN];
+ struct stat stat_buf;
+ int pid;
+
+@@ -3280,7 +3280,7 @@
+ #ifdef WINDOWS_ONLY
+ TEXT *buffer = (TEXT*) gds__alloc ((SLONG) BUFFER_MEDIUM);
+ #else
+-TEXT buffer [256];
++TEXT buffer [MAXPATHLEN];
+ #endif
+ #endif
+
+--- firebird-1.0.2.908/jrd/gds.c.orig 2002-10-13 07:39:08.000000000 +0200
++++ firebird-1.0.2.908/jrd/gds.c 2003-10-29 20:43:18.367295320 +0100
+@@ -2710,8 +2710,9 @@
+
+ ib_prefix = getenv("ProgramFiles");
+ if (ib_prefix) {
+- strcpy(ib_prefix_val, ib_prefix);
+- strcat(ib_prefix_val, "\\Borland\\Interbase\\");
++ ib_prefix_val[MAXPATHLEN - 1] = 0;
++ strncpy(ib_prefix_val, ib_prefix, MAXPATHLEN - 1);
++ strncat(ib_prefix_val, "\\Borland\\Interbase\\", MAXPATHLEN - 1 - strlen(ib_prefix));
+ } else {
+ /* ISC_PREFIX currently defaults to */
+ /* "C:\Program Files\Borland\InterBase\" */
+@@ -2742,16 +2743,28 @@
+ ib_prefix = ib_prefix_val;
+ }
+ }
++/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
++/* note: strlen(string)==0 here */
+ #ifdef mpexl
+- strcat (string, root);
+- strcat (string, ib_prefix);
++ strncat (string, root, MAXPATHLEN - 1);
++ if(strlen(root) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
++ else {
++ strncat (string, ib_prefix, MAXPATHLEN - 1 - strlen(root));
++ if(strlen(root) + strlen(ib_prefix) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
++ }
+ #else /* mpexl */
+- strcat (string, ib_prefix);
++ strncat (string, ib_prefix, MAXPATHLEN - 1);
++ if (strlen(ib_prefix) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
+ #ifndef NETWARE_386
+- if (string [strlen (string) - 1] != '/')
++ if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
+ strcat (string, "/");
+ #endif
+- strcat (string, root);
++ if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
++ strncat (string, root, MAXPATHLEN - 1 - strlen(string));
+ #endif /* mpexl */
+ }
+ #endif /* !defined(VMS) */
+@@ -2838,20 +2851,33 @@
+ }
+ else
+ {
+- strcat (ib_prefix_lock_val, ib_prefix_lock);
++ ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
++ strncat (ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1 - strlen(ib_prefix_lock_val));
+ ib_prefix_lock = ib_prefix_lock_val;
+ }
+ }
++/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
++/* note: strlen(string)==0 here */
+ #ifdef mpexl
+-strcat (string, root);
+-strcat (string, ib_prefix_lock);
++strncat (string, root, MAXPATHLEN - 1);
++if(strlen(root) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
++else {
++ strncat (string, ib_prefix_lock, MAXPATHLEN - 1 - strlen(root));
++ if(strlen(root) + strlen(ib_prefix_lock) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
++}
+ #else
+-strcat (string, ib_prefix_lock);
++strncat (string, ib_prefix_lock, MAXPATHLEN - 1);
++if (strlen(ib_prefix) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
+ #ifndef NETWARE_386
+-if (string [strlen (string) - 1] != '/')
++if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
+ strcat (string, "/");
+ #endif
+-strcat (string, root);
++if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
++strncat (string, root, MAXPATHLEN - 1 - strlen(string));
+ #endif
+ }
+ #endif
+@@ -2939,21 +2965,34 @@
+ }
+ else
+ {
+- strcat (ib_prefix_msg_val, ib_prefix_msg);
++ ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
++ strncat (ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1 - strlen(ib_prefix_msg_val));
+ ib_prefix_msg = ib_prefix_msg_val;
+ }
+ }
+
++/* ugh. string SHOULD be at least MAXPATHLEN long, but we CAN'T assume this */
++/* note: strlen(string)==0 here */
+ #ifdef mpexl
+-strcat (string, root);
+-strcat (string, ib_prefix_msg);
++strncat (string, root, MAXPATHLEN - 1);
++if(strlen(root) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
++else {
++ strncat (string, ib_prefix_msg, MAXPATHLEN - 1 - strlen(root));
++ if(strlen(root) + strlen(ib_prefix_msg) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
++}
+ #else
+-strcat (string, ib_prefix_msg);
++strncat (string, ib_prefix_msg, MAXPATHLEN - 1);
++if (strlen(ib_prefix) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
+ #ifndef NETWARE_386
+-if (string [strlen (string) - 1] != '/')
++if ((string [strlen (string) - 1] != '/') && (strlen(string) < MAXPATHLEN - 1))
+ strcat (string, "/");
+ #endif
+-strcat (string, root);
++if(strlen(string) + strlen(root) >= MAXPATHLEN - 1)
++ string[MAXPATHLEN - 1] = 0;
++strncat (string, root, MAXPATHLEN - 1 - strlen(string));
+ #endif
+ }
+ #endif
+--- firebird-1.0.2.908/jrd/builtin.c.orig 2000-12-29 14:05:07.000000000 +0100
++++ firebird-1.0.2.908/jrd/builtin.c 2003-10-29 20:56:16.270036128 +0100
+@@ -74,7 +74,7 @@
+ *
+ **************************************/
+ FN *function;
+-TEXT *p, temp [256], *ep;
++TEXT *p, temp [MAXPATHLEN], *ep;
+ TEXT *modname;
+
+ /* Strip off any preceeding $INTERBASE path location from the
+--- firebird-1.0.2.908/jrd/event.c.orig 2002-06-21 20:56:55.000000000 +0200
++++ firebird-1.0.2.908/jrd/event.c 2003-10-29 20:57:01.379178496 +0100
+@@ -258,7 +258,7 @@
+ * exits, otherwise return NULL.
+ *
+ **************************************/
+-TEXT *event_file, buffer [256];
++TEXT *event_file, buffer [MAXPATHLEN];
+
+ /* If we're already initialized, there's nothing to do */
+
+--- firebird-1.0.2.908/jrd/isc.c.orig 2002-06-21 20:56:55.000000000 +0200
++++ firebird-1.0.2.908/jrd/isc.c 2003-10-29 21:00:27.988769064 +0100
+@@ -520,7 +520,7 @@
+ {
+ IB_FILE *fd;
+ TEXT *p, *q, buf[80];
+- TEXT buffer [256];
++ TEXT buffer [MAXPATHLEN];
+ #ifdef SUPERSERVER
+ int n;
+ TEXT dir_name[MAX_PATH_LENGTH];
+@@ -724,7 +724,7 @@
+ IB_FILE *fd = NULL;
+ IPCCFG h;
+ struct cfgtbl *t;
+-TEXT buffer [256];
++TEXT buffer [MAXPATHLEN];
+ int ret = 1;
+
+ if (config_file)
+--- firebird-1.0.2.908/jrd/isc_cray.c.orig 2000-08-03 22:50:47.000000000 +0200
++++ firebird-1.0.2.908/jrd/isc_cray.c 2003-10-29 21:01:52.928856208 +0100
+@@ -654,7 +654,7 @@
+ **************************************/
+ SLONG msg [3];
+ int status, pipes [2];
+-TEXT process [64], arg [10];
++TEXT process [MAXPATHLEN], arg [10];
+
+ status = kill (pid, signal_number);
+
+--- firebird-1.0.2.908/jrd/isc_ipc.c.orig 2002-06-21 20:56:55.000000000 +0200
++++ firebird-1.0.2.908/jrd/isc_ipc.c 2003-10-29 21:02:12.890821528 +0100
+@@ -773,7 +773,7 @@
+ **************************************/
+ SLONG msg [3];
+ int status, pipes [2];
+-TEXT process [64], arg [10];
++TEXT process [MAXPATHLEN], arg [10];
+
+ #ifdef NeXT
+ /* If not a UNIX signal, send to port watcher */
+--- firebird-1.0.2.908/jrd/log.c.orig 2000-08-03 22:50:56.000000000 +0200
++++ firebird-1.0.2.908/jrd/log.c 2003-10-29 21:03:49.526130728 +0100
+@@ -632,7 +632,7 @@
+ DBB dbb;
+ LOG log;
+ #ifndef STACK_REDUCTION
+-SCHAR *log_name, buffer [256];
++SCHAR *log_name, buffer [MAXPATHLEN];
+ #else
+ SCHAR *log_name, *buffer;
+ #endif /* !STACK_REDUCTION */
+@@ -640,7 +640,7 @@
+ int mask;
+
+ #ifdef STACK_REDUCTION
+-buffer = (SCHAR *)gds__alloc ((SLONG)BUFFER_MEDIUM);
++buffer = (SCHAR *)gds__alloc ((SLONG)((BUFFER_MEDIUM > MAXPATHLEN) ? BUFFER_MEDIUM : MAXPATHLEN));
+ if(!buffer) /* NOMEM: */
+ {
+ error ("can't open log file (out of memory)");
+--- firebird-1.0.2.908/jrd/svc.c.orig 2002-10-07 12:49:25.000000000 +0200
++++ firebird-1.0.2.908/jrd/svc.c 2003-10-29 21:07:08.137937144 +0100
+@@ -149,7 +149,7 @@
+ *status++ = (STATUS) ERR_string(svc,strlen(svc)); \
+ *status++ = isc_arg_end; }
+
+-#define ERR_FILE_IN_USE { TEXT buffer[256]; \
++#define ERR_FILE_IN_USE { TEXT buffer[MAXPATHLEN]; \
+ gds__prefix (buffer, LOCK_HEADER); \
+ *status++ = isc_file_in_use; \
+ *status++ = isc_arg_string; \
+@@ -849,7 +849,7 @@
+ *
+ **************************************/
+ SCHAR item, *items, *end_items, *end;
+-UCHAR buffer [256], dbbuf [1024];
++UCHAR buffer [MAXPATHLEN /* >=256 */], dbbuf [1024];
+ USHORT l, length, version, get_flags;
+ STATUS *status;
+ #ifndef WINDOWS_ONLY
+@@ -1361,7 +1361,7 @@
+ *
+ **************************************/
+ SCHAR item, *items, *end_items, *end, *p, *q;
+-UCHAR buffer [256];
++UCHAR buffer [MAXPATHLEN /* >=256 */];
+ USHORT l, length, version, get_flags;
+ USHORT num_att = 0;
+ USHORT num_dbs = 0;
+--- firebird-1.0.2.908/gpre/ftn.c.orig 2002-06-21 20:56:55.000000000 +0200
++++ firebird-1.0.2.908/gpre/ftn.c 2003-10-29 21:01:14.106758064 +0100
+@@ -1551,7 +1551,7 @@
+ TPB tpb;
+ REQ request;
+ BOOLEAN any_extern;
+-TEXT include_buffer[512];
++TEXT include_buffer[MAXPATHLEN];
+
+ #ifndef mpexl
+ ISC_prefix (include_buffer, INCLUDE_FTN_FILE);
+--- firebird-1.0.2.908/intl/dtest.c.orig 2000-08-03 22:49:04.000000000 +0200
++++ firebird-1.0.2.908/intl/dtest.c 2003-10-29 20:55:40.683446112 +0100
+@@ -124,7 +124,7 @@
+ #ifdef LIKE_JRD
+ {
+ char module[ 200 ];
+- char path[ 200 ];
++ char path[ MAXPATHLEN ];
+ char entry[ 200 ];
+ int t_type;
+ t_type = atoi( vector[ i ] );
+--- firebird-1.0.2.908/csv/csi.c.orig 2000-08-03 22:43:03.000000000 +0200
++++ firebird-1.0.2.908/csv/csi.c 2003-10-29 20:53:28.947473024 +0100
+@@ -3733,7 +3733,7 @@
+ *
+ **************************************/
+ UCHAR output [128], error [128], *p, *q, process_name [16],
+- pipe_temp [256], pipe_file [256];
++ pipe_temp [MAXPATHLEN], pipe_file [256];
+ USHORT i, len;
+ ULONG status, pid, flags, item;
+ SLONG *privileges, procpriv [2], priority;
+--- firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c.orig 2001-02-04 05:06:13.000000000 +0100
++++ firebird-1.0.2.908/firebird/bellardo/darwin/installpath.c 2003-10-29 20:55:01.392419256 +0100
+@@ -7,7 +7,7 @@
+
+ int main()
+ {
+- char buff[2048];
++ char buff[MAXPATHLEN + 10];
+ int offset;
+
+ #ifdef VAR_PATH
+--- firebird-1.0.2.908/porting/qli/help.c.orig 2003-01-04 14:08:01.000000000 +0100
++++ firebird-1.0.2.908/porting/qli/help.c 2003-10-29 20:51:01.799842864 +0100
+@@ -201,7 +201,7 @@
+ **************************************/
+ NAM *ptr, *end, name;
+ USHORT max_level;
+-TEXT target [128], **topic, *topics [16];
++TEXT target [MAXPATHLEN /* >=128 */], **topic, *topics [16];
+
+ if (!HELP_DB)
+ {