diff options
| author | Olivier Bertrand <bertrandop@gmail.com> | 2016-03-25 13:02:34 +0100 |
|---|---|---|
| committer | Olivier Bertrand <bertrandop@gmail.com> | 2016-03-25 13:02:34 +0100 |
| commit | a1b2a28e55c142be63b79b3871b26640079a8849 (patch) | |
| tree | 8d3a392974597e154b5268206009b38ba3816aa0 | |
| parent | d681c50a701127cedc72dbd9f0898f7bb257f555 (diff) | |
| download | mariadb-git-a1b2a28e55c142be63b79b3871b26640079a8849.tar.gz | |
- Fix MDEV-9779. Avoid buffer overflow when setting partname.
modified: storage/connect/ha_connect.cc
modified: storage/connect/ha_connect.h
| -rw-r--r-- | storage/connect/ha_connect.cc | 22 | ||||
| -rw-r--r-- | storage/connect/ha_connect.h | 2 |
2 files changed, 13 insertions, 11 deletions
diff --git a/storage/connect/ha_connect.cc b/storage/connect/ha_connect.cc index a7840122147..67cfb29254f 100644 --- a/storage/connect/ha_connect.cc +++ b/storage/connect/ha_connect.cc @@ -757,7 +757,7 @@ ha_connect::ha_connect(handlerton *hton, TABLE_SHARE *table_arg) sdvalout= NULL; xmod= MODE_ANY; istable= false; - *partname= 0; + memset(partname, 0, sizeof(partname)); bzero((char*) &xinfo, sizeof(XINFO)); valid_info= false; valid_query_id= 0; @@ -3123,13 +3123,14 @@ int ha_connect::open(const char *name, int mode, uint test_if_locked) #if defined(WITH_PARTITION_STORAGE_ENGINE) if (table->part_info) { if (GetStringOption("Filename") || GetStringOption("Tabname") - || GetStringOption("Connect")) { - strcpy(partname, decode(g, strrchr(name, '#') + 1)); + || GetStringOption("Connect")) { + strncpy(partname, decode(g, strrchr(name, '#') + 1), sizeof(partname) - 1); // strcpy(partname, table->part_info->curr_part_elem->partition_name); - part_id= &table->part_info->full_part_field_set; +// part_id= &table->part_info->full_part_field_set; } else // Inward table - strcpy(partname, strrchr(name, slash) + 1); - part_id= &table->part_info->full_part_field_set; // Temporary + strncpy(partname, strrchr(name, slash) + 1, sizeof(partname) - 1); + + part_id= &table->part_info->full_part_field_set; // Temporary } // endif part_info #endif // WITH_PARTITION_STORAGE_ENGINE } else @@ -6144,7 +6145,7 @@ int ha_connect::create(const char *name, TABLE *table_arg, strcpy(dbpath, name); p= strrchr(dbpath, slash); - strcpy(partname, ++p); + strncpy(partname, ++p, sizeof(partname) - 1); strcat(strcat(strcpy(buf, p), "."), lwt); *p= 0; } else { @@ -6195,7 +6196,7 @@ int ha_connect::create(const char *name, TABLE *table_arg, #if defined(WITH_PARTITION_STORAGE_ENGINE) if (part_info && !inward) - strcpy(partname, decode(g, strrchr(name, '#') + 1)); + strncpy(partname, decode(g, strrchr(name, '#') + 1), sizeof(partname) - 1); // strcpy(partname, part_info->curr_part_elem->partition_name); #endif // WITH_PARTITION_STORAGE_ENGINE @@ -6236,8 +6237,9 @@ int ha_connect::create(const char *name, TABLE *table_arg, #if defined(WITH_PARTITION_STORAGE_ENGINE) if (part_info) - strcpy(partname, - decode(g, strrchr(name, (inward ? slash : '#')) + 1)); + strncpy(partname, + decode(g, strrchr(name, (inward ? slash : '#')) + 1), + sizeof(partname) - 1); #endif // WITH_PARTITION_STORAGE_ENGINE if ((rc= optimize(table->in_use, NULL))) { diff --git a/storage/connect/ha_connect.h b/storage/connect/ha_connect.h index 05cc872fa2a..669d45db25a 100644 --- a/storage/connect/ha_connect.h +++ b/storage/connect/ha_connect.h @@ -554,7 +554,7 @@ protected: PVAL sdvalin4; // Used to convert date values PVAL sdvalout; // Used to convert date values bool istable; // True for table handler - char partname[64]; // The partition name + char partname[65]; // The partition name MODE xmod; // Table mode XINFO xinfo; // The table info structure bool valid_info; // True if xinfo is valid |