authorOlivier Bertrand <bertrandop@gmail.com>2019-11-26 19:22:46 +0100
committerOlivier Bertrand <bertrandop@gmail.com>2019-11-26 19:22:46 +0100
commitf0da39be7fff39f0ee47abe272e0ef96f229c7e3 (patch)
treea6e98fa182f6ffad5a0105969f936f5168ff3dde
parentfb91774e4e6451298af51e31356a8b8fb1b19487 (diff)
downloadmariadb-git-f0da39be7fff39f0ee47abe272e0ef96f229c7e3.tar.gz
- Fix MDEV-13782
Problem with NOT LIKE queries. modified: storage/connect/ha_connect.cc modified: sql/item_cmpfunc.h - Fix MDEV-21084 Misusage of strncat could cause buffer overflow. modified: storage/connect/reldef.cpp modified: storage/connect/tabcmg.cpp modified: storage/connect/tabjson.cpp modified: storage/connect/tabrest.cpp modified: storage/connect/tabxml.cpp
-rw-r--r--sql/item_cmpfunc.h2
-rw-r--r--storage/connect/ha_connect.cc8
-rw-r--r--storage/connect/reldef.cpp3
-rw-r--r--storage/connect/tabcmg.cpp23
-rw-r--r--storage/connect/tabjson.cpp44
-rw-r--r--storage/connect/tabrest.cpp5
-rw-r--r--storage/connect/tabxml.cpp4
7 files changed, 54 insertions, 35 deletions
diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h
index 0a5abfe6273..b4a905896db 100644
--- a/sql/item_cmpfunc.h
+++ b/sql/item_cmpfunc.h
@@ -1899,7 +1899,6 @@ class Item_func_like :public Item_bool_func2
bool escape_used_in_parsing;
bool use_sampling;
- bool negated;
DTCollation cmp_collation;
String cmp_value1, cmp_value2;
@@ -1916,6 +1915,7 @@ protected:
Item_func::Functype type, Item *value);
public:
int escape;
+ bool negated;
Item_func_like(THD *thd, Item *a, Item *b, Item *escape_arg, bool escape_used):
Item_bool_func2(thd, a, b), canDoTurboBM(FALSE), pattern(0), pattern_len(0),
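Review bot: Moving `negated` into the public section makes it writable by any code holding an `Item_func_like`, although the CONNECT handler in this commit only reads it. Keeping the member private and adding a read-only accessor in the public section, for example `bool is_negated() const { return negated; }`, would expose the same information without letting outside code change the meaning of the predicate. The class body and this constructor continue outside the hunk, so other writers of the flag are not visible here.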
diff --git a/storage/connect/ha_connect.cc b/storage/connect/ha_connect.cc
index 91fef719ee7..cc9e7d1b55c 100644
--- a/storage/connect/ha_connect.cc
+++ b/storage/connect/ha_connect.cc
@@ -2966,10 +2966,10 @@ PCFIL ha_connect::CheckCond(PGLOBAL g, PCFIL filp, const Item *cond)
case Item_func::LE_FUNC: vop= OP_LE; break;
case Item_func::GE_FUNC: vop= OP_GE; break;
case Item_func::GT_FUNC: vop= OP_GT; break;
- //case Item_func::LIKE_FUNC:
- // vop = OP_LIKE;
- // neg= ((Item_func_like*)condf)->negated;
- // break;
+ case Item_func::LIKE_FUNC:
+ vop = OP_LIKE;
+ neg= ((Item_func_like*)condf)->negated;
+ break;
case Item_func::ISNOTNULL_FUNC:
neg= true;
// fall through
diff --git a/storage/connect/reldef.cpp b/storage/connect/reldef.cpp
index 88c28757588..ffe5f77661d 100644
--- a/storage/connect/reldef.cpp
+++ b/storage/connect/reldef.cpp
@@ -624,7 +624,8 @@ PTABDEF OEMDEF::GetXdef(PGLOBAL g)
return NULL;
} else
// PlugSetPath(soname, Module, GetPluginDir()); // Crashes on Fedora
- strncat(strcpy(soname, GetPluginDir()), Module, _MAX_PATH);
+ strncat(strcpy(soname, GetPluginDir()), Module,
+ sizeof(soname) - strlen(soname) - 1);
#if defined(__WIN__)
// Is the DLL already loaded?
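Review bot: The new bound `sizeof(soname) - strlen(soname) - 1` sits in the same call expression as the `strcpy(soname, GetPluginDir())` that fills the buffer, and C++ does not fix the order in which function arguments are evaluated, so `strlen(soname)` may run before the copy and measure whatever `soname` held earlier. The `strcpy` itself is still unbounded, so a plugin directory longer than the buffer overflows before `strncat` is reached. Building the path in one bounded call and treating truncation as an error covers both, e.g. `if (snprintf(soname, sizeof(soname), "%s%s", GetPluginDir(), Module) >= (int)sizeof(soname)) return NULL;` (preferably after setting an error message), since a silently shortened library path should not be handed to the loader. The declaration of `soname` is outside the hunk, so this assumes it is an array and not a pointer. The `RESTDEF::DefineAM` hunk in tabrest.cpp already moves the copy into its own statement.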
diff --git a/storage/connect/tabcmg.cpp b/storage/connect/tabcmg.cpp
index da1cfd34ac7..b9b7f6e4b60 100644
--- a/storage/connect/tabcmg.cpp
+++ b/storage/connect/tabcmg.cpp
@@ -53,25 +53,30 @@ bool CMGDISC::FindInDoc(PGLOBAL g, bson_iter_t *iter, const bson_t *doc,
{
if (!doc || bson_iter_init(iter, doc)) {
const char *key;
- char colname[65];
- char fmt[129];
- bool newcol;
+ char colname[65];
+ char fmt[129];
+ bool newcol;
+ size_t n;
while (bson_iter_next(iter)) {
key = bson_iter_key(iter);
newcol = true;
if (pcn) {
- strncpy(colname, pcn, 64);
- colname[64] = 0;
- strncat(strncat(colname, "_", 65), key, 65);
+ n = sizeof(colname) - 1;
+ strncpy(colname, pcn, n);
+ colname[n] = 0;
+ n -= strlen(colname);
+ strncat(strncat(colname, "_", n), key, n - 1);
} else
strcpy(colname, key);
if (pfmt) {
- strncpy(fmt, pfmt, 128);
- fmt[128] = 0;
- strncat(strncat(fmt, ".", 129), key, 129);
+ n = sizeof(fmt) - 1;
+ strncpy(fmt, pfmt, n);
+ fmt[n] = 0;
+ n -= strlen(fmt);
+ strncat(strncat(fmt, ".", n), key, n - 1);
} else
strcpy(fmt, key);
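Review bot: When `pcn` already fills the buffer, `n -= strlen(colname)` leaves `n` at 0 and `n - 1` in `strncat(..., key, n - 1)` wraps to the largest `size_t`, so the key is appended with no limit at all; the `fmt` lines wrap the same way. The two `else` branches still `strcpy` the BSON key into the 65- and 129-byte buffers without any bound, and that key comes from the document being read. The same subtraction pattern is used in both `JSONDISC::Find` hunks of tabjson.cpp (`n - 1`, `n - strlen(sep)`, `n - (strlen(buf) + 1)`), where the recursive calls appear to keep lengthening `fmt` and `colname`. One bounded format call per buffer removes the arithmetic entirely; the loop body continues outside the hunk.

```cpp
// … unchanged: declarations (size_t n is no longer needed), while loop header, key lookup …
      if (pcn)
        snprintf(colname, sizeof(colname), "%s_%s", pcn, key);
      else
        snprintf(colname, sizeof(colname), "%s", key);

      if (pfmt)
        snprintf(fmt, sizeof(fmt), "%s.%s", pfmt, key);
      else
        snprintf(fmt, sizeof(fmt), "%s", key);
```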
diff --git a/storage/connect/tabjson.cpp b/storage/connect/tabjson.cpp
index 0b282345c8a..7e8d6c8d9f0 100644
--- a/storage/connect/tabjson.cpp
+++ b/storage/connect/tabjson.cpp
@@ -394,10 +394,11 @@ err:
bool JSONDISC::Find(PGLOBAL g, PJVAL jvp, PCSZ key, int j)
{
- char *p, *pc = colname + strlen(colname);
- int ars;
- PJOB job;
- PJAR jar;
+ char *p, *pc = colname + strlen(colname);
+ int ars;
+ size_t n;
+ PJOB job;
+ PJAR jar;
if ((valp = jvp ? jvp->GetValue() : NULL)) {
jcol.Type = valp->GetType();
@@ -423,8 +424,10 @@ bool JSONDISC::Find(PGLOBAL g, PJVAL jvp, PCSZ key, int j)
PCSZ k = jrp->GetKey();
if (*k != '$') {
- strncat(strncat(fmt, sep, 128), k, 128);
- strncat(strncat(colname, "_", 64), k, 64);
+ n = sizeof(fmt) - strlen(fmt) -1;
+ strncat(strncat(fmt, sep, n), k, n - strlen(sep));
+ n = sizeof(colname) - strlen(colname) - 1;
+ strncat(strncat(colname, "_", n), k, n - 1);
} // endif Key
if (Find(g, jrp->GetVal(), k, j + 1))
@@ -443,19 +446,26 @@ bool JSONDISC::Find(PGLOBAL g, PJVAL jvp, PCSZ key, int j)
ars = MY_MIN(jar->GetSize(false), 1);
for (int k = 0; k < ars; k++) {
- if (!tdp->Xcol || stricmp(tdp->Xcol, key)) {
- sprintf(buf, "%d", k);
-
- if (tdp->Uri)
- strncat(strncat(fmt, sep, 128), buf, 128);
- else
- strncat(strncat(strncat(fmt, "[", 128), buf, 128), "]", 128);
+ n = sizeof(fmt) - (strlen(fmt) + 1);
- if (all)
- strncat(strncat(colname, "_", 64), buf, 64);
+ if (!tdp->Xcol || stricmp(tdp->Xcol, key)) {
+ sprintf(buf, "%d", k);
- } else
- strncat(fmt, (tdp->Uri ? sep : "[*]"), 128);
+ if (tdp->Uri) {
+ strncat(strncat(fmt, sep, n), buf, n - strlen(sep));
+ } else {
+ strncat(strncat(fmt, "[", n), buf, n - 1);
+ strncat(fmt, "]", n - (strlen(buf) + 1));
+ } // endif uri
+
+ if (all) {
+ n = sizeof(colname) - (strlen(colname) + 1);
+ strncat(strncat(colname, "_", n), buf, n - 1);
+ } // endif all
+
+ } else {
+ strncat(fmt, (tdp->Uri ? sep : "[*]"), n);
+ }
if (Find(g, jar->GetValue(k), "", j))
return true;
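Review bot: Once `fmt` or `colname` is full, the bounded appends in this loop drop the index or separator silently, and the shortened strings are still carried into the recursive `Find(g, jar->GetValue(k), "", j)` call. A truncated path or column name can coincide with a different, shorter one, so a deeply nested document may produce misattributed columns instead of an error (how `fmt` and `colname` are consumed is outside this hunk). Checking the remaining room before appending, and returning `true` with a message in `g->Message` when it is insufficient, would make the limit visible; `true` appears to be how this function already reports failure.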
diff --git a/storage/connect/tabrest.cpp b/storage/connect/tabrest.cpp
index fe81c0a65be..f9acbc28ddc 100644
--- a/storage/connect/tabrest.cpp
+++ b/storage/connect/tabrest.cpp
@@ -162,7 +162,7 @@ PQRYRES __stdcall ColREST(PGLOBAL g, PTOS tp, char *tab, char *db, bool info)
// We used the file name relative to recorded datapath
strcat(strcat(strcat(strcpy(filename, "."), slash), db), slash);
- strncat(filename, fn, _MAX_PATH);
+ strncat(filename, fn, _MAX_PATH - strlen(filename));
// Retrieve the file from the web and copy it locally
if (http && grf(g->Message, trace(515), http, uri, filename)) {
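Review bot: `strncat` writes a terminating NUL after the characters it copies, so the bound `_MAX_PATH - strlen(filename)` can write one byte past a buffer of `_MAX_PATH` bytes. The reldef.cpp hunk in this commit subtracts the extra 1, and the same is needed here and in the `RESTDEF::DefineAM` hunk below, `strncat(filename, fn, _MAX_PATH - strlen(filename) - 1);`, unless `filename` is declared with `_MAX_PATH + 1` bytes (its declaration is outside the hunk). The `strcat` chain that prepends `db` on the line above, and `strcpy(filename, GetPath())` in `DefineAM`, remain unbounded, so a long enough prefix both overflows the buffer and makes the subtraction wrap. Because the result names the local file that `grf` copies the retrieved content to, a path that does not fit should be rejected, not shortened.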
@@ -221,7 +221,8 @@ bool RESTDEF::DefineAM(PGLOBAL g, LPCSTR am, int poff)
// We used the file name relative to recorded datapath
//PlugSetPath(filename, Fn, GetPath());
- strncat(strcpy(filename, GetPath()), Fn, _MAX_PATH);
+ strcpy(filename, GetPath());
+ strncat(filename, Fn, _MAX_PATH - strlen(filename));
// Retrieve the file from the web and copy it locally
rc = grf(g->Message, xt, Http, Uri, filename);
diff --git a/storage/connect/tabxml.cpp b/storage/connect/tabxml.cpp
index 19490d350e8..717090e9c5a 100644
--- a/storage/connect/tabxml.cpp
+++ b/storage/connect/tabxml.cpp
@@ -240,7 +240,9 @@ PQRYRES XMLColumns(PGLOBAL g, char *db, char *tab, PTOS topt, bool info)
more:
if (vp->atp) {
- strncpy(colname, vp->atp->GetName(g), sizeof(colname));
+ size_t z = sizeof(colname) - 1;
+ strncpy(colname, vp->atp->GetName(g), z);
+ colname[z] = 0;
strncat(xcol->Name, colname, XLEN(xcol->Name));
switch (vp->atp->GetText(g, buf, sizeof(buf))) {