database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

PATCH-P0-FIX-UPSTREAM: Fix possible buffer overflow (MDEV-8317)

Browse Source 
Maintainer: Michal Hrusecky <Michal.Hrusecky@opensuse.org>
(modified by O. Bertrand --> adding and using the XSTR macro)
  modified:   storage/connect/tabxml.cpp
This commit is contained in:
Olivier Bertrand
2015-11-08 13:21:45 +01:00
parent b35f9972c8
commit dc8a0df0a2
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
storage/connect/tabxml.cpp
View File

@@ -60,6 +60,7 @@ extern "C" char version[];
#endif // !__WIN__ #endif // !__WIN__
#define TYPE_UNKNOWN 12 /* Must be greater than other types */ #define TYPE_UNKNOWN 12 /* Must be greater than other types */
#define XSTR(M) sizeof(M) - strlen(M) - 1 /* To avoid overflow*/
/***********************************************************************/ /***********************************************************************/
/* Class and structure used by XMLColumns. */ /* Class and structure used by XMLColumns. */
@@ -225,30 +226,30 @@ PQRYRES XMLColumns(PGLOBAL g, char *db, char *tab, PTOS topt, bool info)
more: more:
if (vp->atp) { if (vp->atp) {
strncpy(colname, vp->atp->GetName(g), sizeof(colname)); strncpy(colname, vp->atp->GetName(g), sizeof(colname));
strncat(xcol->Name, colname, 64); strncat(xcol->Name, colname, XSTR(xcol->Name));
switch (vp->atp->GetText(g, buf, sizeof(buf))) { switch (vp->atp->GetText(g, buf, sizeof(buf))) {
case RC_INFO: case RC_INFO:
PushWarning(g, txmp); PushWarning(g, txmp);
case RC_OK: case RC_OK:
strncat(fmt, "@", sizeof(fmt)); strncat(fmt, "@", XSTR(fmt));
break; break;
default: default:
goto err; goto err;
} // enswitch rc } // enswitch rc
if (j) if (j)
strncat(fmt, colname, sizeof(fmt)); strncat(fmt, colname, XSTR(fmt));
} else { } else {
if (tdp->Usedom && node->GetType() != 1) if (tdp->Usedom && node->GetType() != 1)
continue; continue;
strncpy(colname, node->GetName(g), sizeof(colname)); strncpy(colname, node->GetName(g), sizeof(colname));
strncat(xcol->Name, colname, 64); strncat(xcol->Name, colname, XSTR(xcol->Name));
if (j) if (j)
strncat(fmt, colname, sizeof(fmt)); strncat(fmt, colname, XSTR(fmt));
if (j < lvl && ok) { if (j < lvl && ok) {
vp = lvlp[j+1]; vp = lvlp[j+1];
@@ -266,8 +267,9 @@ PQRYRES XMLColumns(PGLOBAL g, char *db, char *tab, PTOS topt, bool info)
if (!vp->atp) if (!vp->atp)
node = vp->nl->GetItem(g, vp->k++, node); node = vp->nl->GetItem(g, vp->k++, node);
strncat(strncat(fmt, colname, 125), "/", 125); strncat(fmt, colname, XSTR(fmt));
strncat(xcol->Name, "_", 64); strncat(fmt, "/", XSTR(fmt));
strncat(xcol->Name, "_", XSTR(xcol->Name));
j++; j++;
vp->n = (int)strlen(xcol->Name); vp->n = (int)strlen(xcol->Name);
vp->m = (int)strlen(fmt); vp->m = (int)strlen(fmt);