MDEV-6262 follow-up: Ensure NUL termination on strncpy()

4 files changed, 15 insertions, 12 deletions

diff --git a/plugin/auth_pam/auth_pam.c b/plugin/auth_pam/auth_pam.c
index a4d1deb8ada..b37460bb385 100644
--- a/plugin/auth_pam/auth_pam.c
+++ b/plugin/auth_pam/auth_pam.c
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2011, 2012, Monty Program Ab
+   Copyright (c) 2011, 2019, MariaDB Corporation.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -140,7 +140,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
 
   if (new_username && strcmp(new_username, info->user_name))
     strncpy(info->authenticated_as, new_username,
-            sizeof(info->authenticated_as));
+            sizeof(info->authenticated_as)-1);
   info->authenticated_as[sizeof(info->authenticated_as)-1]= 0;
 
 end:
diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c
index 17d3154089f..95f99f61d8f 100644
--- a/plugin/server_audit/server_audit.c
+++ b/plugin/server_audit/server_audit.c
@@ -1056,7 +1056,7 @@ static int start_logging()
     }
     error_header();
     fprintf(stderr, "logging started to the file %s.\n", alt_fname);
-    strncpy(current_log_buf, alt_fname, sizeof(current_log_buf));
+    strncpy(current_log_buf, alt_fname, sizeof(current_log_buf)-1);
     current_log_buf[sizeof(current_log_buf)-1]= 0;
   }
   else if (output_type == OUTPUT_SYSLOG)
@@ -1064,7 +1064,8 @@ static int start_logging()
     openlog(syslog_ident, LOG_NOWAIT, syslog_facility_codes[syslog_facility]);
     error_header();
     fprintf(stderr, "logging started to the syslog.\n");
-    strncpy(current_log_buf, "[SYSLOG]", sizeof(current_log_buf));
+    strncpy(current_log_buf, "[SYSLOG]", sizeof(current_log_buf)-1);
+    compile_time_assert(sizeof current_log_buf > sizeof "[SYSLOG]");
   }
   is_active= 1;
   return 0;
@@ -2600,7 +2601,7 @@ static void update_file_path(MYSQL_THD thd,
     internal_stop_logging= 0;
   }
 
-  strncpy(path_buffer, new_name, sizeof(path_buffer));
+  strncpy(path_buffer, new_name, sizeof(path_buffer)-1);
   path_buffer[sizeof(path_buffer)-1]= 0;
   file_path= path_buffer;
 exit_func:
@@ -2653,7 +2654,7 @@ static void update_incl_users(MYSQL_THD thd,
   if (!maria_55_started || !debug_server_started)
     flogger_mutex_lock(&lock_operations);
   mark_always_logged(thd);
-  strncpy(incl_user_buffer, new_users, sizeof(incl_user_buffer));
+  strncpy(incl_user_buffer, new_users, sizeof(incl_user_buffer)-1);
   incl_user_buffer[sizeof(incl_user_buffer)-1]= 0;
   incl_users= incl_user_buffer;
   user_coll_fill(&incl_user_coll, incl_users, &excl_user_coll, 1);
@@ -2672,7 +2673,7 @@ static void update_excl_users(MYSQL_THD thd  __attribute__((unused)),
   if (!maria_55_started || !debug_server_started)
     flogger_mutex_lock(&lock_operations);
   mark_always_logged(thd);
-  strncpy(excl_user_buffer, new_users, sizeof(excl_user_buffer));
+  strncpy(excl_user_buffer, new_users, sizeof(excl_user_buffer)-1);
   excl_user_buffer[sizeof(excl_user_buffer)-1]= 0;
   excl_users= excl_user_buffer;
   user_coll_fill(&excl_user_coll, excl_users, &incl_user_coll, 0);
@@ -2804,7 +2805,7 @@ static void update_syslog_ident(MYSQL_THD thd  __attribute__((unused)),
               void *var_ptr  __attribute__((unused)), const void *save)
 {
   char *new_ident= (*(char **) save) ? *(char **) save : empty_str;
-  strncpy(syslog_ident_buffer, new_ident, sizeof(syslog_ident_buffer));
+  strncpy(syslog_ident_buffer, new_ident, sizeof(syslog_ident_buffer)-1);
   syslog_ident_buffer[sizeof(syslog_ident_buffer)-1]= 0;
   syslog_ident= syslog_ident_buffer;
   error_header();
diff --git a/storage/innobase/dict/dict0mem.cc b/storage/innobase/dict/dict0mem.cc
index c182aaba676..9d3fea03662 100644
--- a/storage/innobase/dict/dict0mem.cc
+++ b/storage/innobase/dict/dict0mem.cc
@@ -2,7 +2,7 @@
 
 Copyright (c) 1996, 2016, Oracle and/or its affiliates. All Rights Reserved.
 Copyright (c) 2012, Facebook Inc.
-Copyright (c) 2018, MariaDB Corporation.
+Copyright (c) 2018, 2019, MariaDB Corporation.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -320,7 +320,8 @@ dict_mem_table_col_rename_low(
 	ut_ad(to_len <= NAME_LEN);
 
 	char from[NAME_LEN + 1];
-	strncpy(from, s, NAME_LEN + 1);
+	strncpy(from, s, sizeof from - 1);
+	from[sizeof from - 1] = '\0';
 
 	if (from_len == to_len) {
 		/* The easy case: simply replace the column name in
diff --git a/storage/xtradb/dict/dict0mem.cc b/storage/xtradb/dict/dict0mem.cc
index fb6895867fe..1b744a5dfe7 100644
--- a/storage/xtradb/dict/dict0mem.cc
+++ b/storage/xtradb/dict/dict0mem.cc
@@ -2,7 +2,7 @@
 
 Copyright (c) 1996, 2017, Oracle and/or its affiliates. All Rights Reserved.
 Copyright (c) 2012, Facebook Inc.
-Copyright (c) 2018, MariaDB Corporation.
+Copyright (c) 2018, 2019, MariaDB Corporation.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -321,7 +321,8 @@ dict_mem_table_col_rename_low(
 	ut_ad(to_len <= NAME_LEN);
 
 	char from[NAME_LEN + 1];
-	strncpy(from, s, NAME_LEN + 1);
+	strncpy(from, s, sizeof from - 1);
+	from[sizeof from - 1] = '\0';
 
 	if (from_len == to_len) {
 		/* The easy case: simply replace the column name in