authorunknown <tnurnberg@mysql.com/white.intern.koehntopp.de>2007-11-26 08:20:40 +0100
committerunknown <tnurnberg@mysql.com/white.intern.koehntopp.de>2007-11-26 08:20:40 +0100
commita905ac34b59731bb69a036306297c50742753329 (patch)
treee6e0d5c6e9e90e5a7e95d8325c0eedbee083ff12 /strings/strmake.c
parent77d786b5a0cd303d30b9a22a044b916078551e6c (diff)
Bug#31752: check strmake() bounds
strmake() calls are easy to get wrong. Add checks in extra debug mode to identify possible exploits. Remove some dead code. Remove some off-by-one errors identified with new checks. sql/log.cc: fix off-by-one buffer-length argument to prevent stack smashing sql/repl_failsafe.cc: fix off-by-one buffer-length argument to prevent stack smashing sql/set_var.cc: fix off-by-one buffer-length argument to prevent stack smashing (already approved, backports #31588) sql/sql_show.cc: misdimensioned buffers: functions further down the callstack expect bufsize of FN_REFLEN sql/unireg.cc: When EXTRA_DEBUG is enabled, strmake() will write funny patterns to buffers it operates on to identify possible overflows. This leads to badness in mysql_create_frm(), so we explicitly put any unused bytes (back) into a defined state. Not a bug-fix, but part of the strmake() bug detector. strings/strmake.c: strmake() takes maximum string length rather than buffer-length (string length + 1 to accommodate \0 terminator) as argument. Since this is easy to get wrong, add extra debug code to identify off-by-ones so we can prevent stack smashing. Alternative "BAD_STRING_COMPILER" removed after checking with Monty.
Diffstat (limited to 'strings/strmake.c')
-rw-r--r--strings/strmake.c30
1 files changed, 16 insertions, 14 deletions
diff --git a/strings/strmake.c b/strings/strmake.c
index d2252f648f6..47d8a04e361 100644
--- a/strings/strmake.c
+++ b/strings/strmake.c
@@ -28,23 +28,25 @@
#include <my_global.h>
#include "m_string.h"
-#ifdef BAD_STRING_COMPILER
-
-char *strmake(char *dst,const char *src,uint length)
+char *strmake(register char *dst, register const char *src, uint length)
{
- reg1 char *res;
-
- if ((res=memccpy(dst,src,0,length)))
- return res-1;
- dst[length]=0;
- return dst+length;
-}
-
-#define strmake strmake_overlapp /* Use orginal for overlapping str */
+#ifdef EXTRA_DEBUG
+ /*
+ 'length' is the maximum length of the string; the buffer needs
+ to be one character larger to accomodate the terminating '\0'.
+ This is easy to get wrong, so we make sure we write to the
+ entire length of the buffer to identify incorrect buffer-sizes.
+ We only initialise the "unused" part of the buffer here, a) for
+ efficiency, and b) because dst==src is allowed, so initialising
+ the entire buffer would overwrite the source-string. Also, we
+ write a character rather than '\0' as this makes spotting these
+ problems in the results easier.
+ */
+ uint n= strlen(src) + 1;
+ if (n <= length)
+ memset(dst + n, (int) 'Z', length - n + 1);
#endif
-char *strmake(register char *dst, register const char *src, uint length)
-{
while (length--)
if (! (*dst++ = *src++))
return dst-1;
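Review bot: The EXTRA_DEBUG block calls `strlen(src)` ahead of the bounded copy loop, so in debug builds the source is scanned past `length` bytes, whereas the loop itself never reads more than `length` characters. If any caller relies on that bound and passes a source that is not NUL-terminated (a slice of a larger buffer, say), the new detector itself over-reads. A bounded scan keeps the contract: `uint n= 0; while (n < length && src[n++]) ;` followed by an unconditional `memset(dst + n, (int) 'Z', length - n + 1);`. The comment covers dst==src, but a partially overlapping src that begins inside the range dst+n..dst+length would be filled with 'Z' before it is copied, which deserves a sentence in the comment or an assertion. strmake's body continues past the end of this hunk.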