diff options
| author | Olivier Bertrand <bertrandop@gmail.com> | 2015-11-08 13:21:45 +0100 |
|---|---|---|
| committer | Olivier Bertrand <bertrandop@gmail.com> | 2015-11-08 13:21:45 +0100 |
| commit | dc8a0df0a2c72a974c7e76eb8a3f945e6eed4f15 (patch) | |
| tree | fb36c7bc2d46aa5cdcfa4ed0d5b2b6fea56f8b9f | |
| parent | b35f9972c886a7b1481270b6b0b3974f6009197d (diff) | |
| download | mariadb-git-dc8a0df0a2c72a974c7e76eb8a3f945e6eed4f15.tar.gz | |
PATCH-P0-FIX-UPSTREAM: Fix possible buffer overflow (MDEV-8317)
Maintainer: Michal Hrusecky <Michal.Hrusecky@opensuse.org>
(modified by O. Bertrand --> adding and using the XSTR macro)
modified: storage/connect/tabxml.cpp
| -rw-r--r-- | storage/connect/tabxml.cpp | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/storage/connect/tabxml.cpp b/storage/connect/tabxml.cpp index 49fa9a1c554..282e02b900e 100644 --- a/storage/connect/tabxml.cpp +++ b/storage/connect/tabxml.cpp @@ -60,6 +60,7 @@ extern "C" char version[]; #endif // !__WIN__ #define TYPE_UNKNOWN 12 /* Must be greater than other types */ +#define XSTR(M) sizeof(M) - strlen(M) - 1 /* To avoid overflow*/ /***********************************************************************/ /* Class and structure used by XMLColumns. */ @@ -225,30 +226,30 @@ PQRYRES XMLColumns(PGLOBAL g, char *db, char *tab, PTOS topt, bool info) more: if (vp->atp) { strncpy(colname, vp->atp->GetName(g), sizeof(colname)); - strncat(xcol->Name, colname, 64); + strncat(xcol->Name, colname, XSTR(xcol->Name)); switch (vp->atp->GetText(g, buf, sizeof(buf))) { case RC_INFO: PushWarning(g, txmp); case RC_OK: - strncat(fmt, "@", sizeof(fmt)); + strncat(fmt, "@", XSTR(fmt)); break; default: goto err; } // enswitch rc if (j) - strncat(fmt, colname, sizeof(fmt)); + strncat(fmt, colname, XSTR(fmt)); } else { if (tdp->Usedom && node->GetType() != 1) continue; strncpy(colname, node->GetName(g), sizeof(colname)); - strncat(xcol->Name, colname, 64); + strncat(xcol->Name, colname, XSTR(xcol->Name)); if (j) - strncat(fmt, colname, sizeof(fmt)); + strncat(fmt, colname, XSTR(fmt)); if (j < lvl && ok) { vp = lvlp[j+1]; @@ -266,8 +267,9 @@ PQRYRES XMLColumns(PGLOBAL g, char *db, char *tab, PTOS topt, bool info) if (!vp->atp) node = vp->nl->GetItem(g, vp->k++, node); - strncat(strncat(fmt, colname, 125), "/", 125); - strncat(xcol->Name, "_", 64); + strncat(fmt, colname, XSTR(fmt)); + strncat(fmt, "/", XSTR(fmt)); + strncat(xcol->Name, "_", XSTR(xcol->Name)); j++; vp->n = (int)strlen(xcol->Name); vp->m = (int)strlen(fmt); |