1 --- firebird-1.5.0.4290/src/lock/lock.cpp.orig 2003-11-25 07:37:57.000000000 +0100
2 +++ firebird-1.5.0.4290/src/lock/lock.cpp 2004-05-29 16:46:45.238245656 +0200
4 /* The lock file has some problem - copy it for later analysis */
7 - TEXT buffer[2 * MAXPATHLEN];
8 + TEXT buffer[2 * MAXPATHLEN + 256];
9 TEXT buffer2[2 * MAXPATHLEN];
11 gds__prefix_lock(buffer, LOCK_FILE);
12 --- firebird-1.5.0.4290/src/jrd/gds.cpp.orig 2004-02-06 05:56:28.000000000 +0100
13 +++ firebird-1.5.0.4290/src/jrd/gds.cpp 2004-05-29 17:54:46.802753536 +0200
14 @@ -1573,7 +1573,10 @@
15 ib_prefix = ib_prefix_val;
18 - strcat(resultString, ib_prefix);
19 + /* beware of no length check after getenv() */
20 + if(strlen(ib_prefix) >= MAXPATHLEN)
21 + resultString[MAXPATHLEN - 1] = 0;
22 + strncat(resultString, ib_prefix, MAXPATHLEN - 1);
23 safe_concat_path(resultString, file);
25 #endif /* !defined(VMS) */
26 @@ -1662,11 +1665,14 @@
30 - strcat(ib_prefix_lock_val, ib_prefix_lock);
31 + ib_prefix_lock_val[MAXPATHLEN - 1] = 0;
32 + strncpy(ib_prefix_lock_val, ib_prefix_lock, MAXPATHLEN - 1);
33 ib_prefix_lock = ib_prefix_lock_val;
36 - strcat(string, ib_prefix_lock);
37 + if(strlen(ib_prefix_lock) >= MAXPATHLEN)
38 + string[MAXPATHLEN - 1] = 0;
39 + strncat(string, ib_prefix_lock, MAXPATHLEN - 1);
40 safe_concat_path(string, root);
43 @@ -1746,11 +1752,14 @@
44 gds__prefix(ib_prefix_msg, "");
47 - strcat(ib_prefix_msg_val, ib_prefix_msg);
48 + ib_prefix_msg_val[MAXPATHLEN - 1] = 0;
49 + strncpy(ib_prefix_msg_val, ib_prefix_msg, MAXPATHLEN - 1);
50 ib_prefix_msg = ib_prefix_msg_val;
53 - strcat(string, ib_prefix_msg);
54 + if(strlen(ib_prefix_msg) >= MAXPATHLEN)
55 + string[MAXPATHLEN - 1] = 0;
56 + strncat(string, ib_prefix_msg, MAXPATHLEN - 1);
57 safe_concat_path(string, root);