summaryrefslogtreecommitdiff
path: root/strings
diff options
context:
space:
mode:
authorunknown <tnurnberg@mysql.com/white.intern.koehntopp.de>2007-11-26 08:20:40 +0100
committerunknown <tnurnberg@mysql.com/white.intern.koehntopp.de>2007-11-26 08:20:40 +0100
commita905ac34b59731bb69a036306297c50742753329 (patch)
treee6e0d5c6e9e90e5a7e95d8325c0eedbee083ff12 /strings
parent77d786b5a0cd303d30b9a22a044b916078551e6c (diff)
downloadmariadb-git-a905ac34b59731bb69a036306297c50742753329.tar.gz
Bug#31752: check strmake() bounds
strmake() calls are easy to get wrong. Add checks in extra debug mode to identify possible exploits. Remove some dead code. Remove some off-by-one errors identified with new checks. sql/log.cc: fix off-by-one buffer-length argument to prevent stack smashing sql/repl_failsafe.cc: fix off-by-one buffer-length argument to prevent stack smashing sql/set_var.cc: fix off-by-one buffer-length argument to prevent stack smashing (already approved, backports #31588) sql/sql_show.cc: misdimensioned buffers: functions further down the callstack expect bufsize of FN_REFLEN sql/unireg.cc: When EXTRA_DEBUG is enabled, strmake() will write funny patterns to buffers it operates on to identify possibly overflows. This leads to badness in mysql_create_frm(), so we explicitly put any unused bytes (back) into a defined state. Not a bug-fix, but part of the strmake() bug detector. strings/strmake.c: strmake() takes maximum string length rather than buffer-length (string length + 1 to accomodate \0 terminator) as argument. Since this is easy to get wrong, add extra debug code to identify off-by-ones so we can prevent stack smashing. Alternative "BAD_STRING_COMPILER" removed after checking with Monty.
Diffstat (limited to 'strings')
-rw-r--r--strings/strmake.c30
1 files changed, 16 insertions, 14 deletions
diff --git a/strings/strmake.c b/strings/strmake.c
index d2252f648f6..47d8a04e361 100644
--- a/strings/strmake.c
+++ b/strings/strmake.c
@@ -28,23 +28,25 @@
#include <my_global.h>
#include "m_string.h"
-#ifdef BAD_STRING_COMPILER
-
-char *strmake(char *dst,const char *src,uint length)
+char *strmake(register char *dst, register const char *src, uint length)
{
- reg1 char *res;
-
- if ((res=memccpy(dst,src,0,length)))
- return res-1;
- dst[length]=0;
- return dst+length;
-}
-
-#define strmake strmake_overlapp /* Use orginal for overlapping str */
+#ifdef EXTRA_DEBUG
+ /*
+ 'length' is the maximum length of the string; the buffer needs
+ to be one character larger to accomodate the terminating '\0'.
+ This is easy to get wrong, so we make sure we write to the
+ entire length of the buffer to identify incorrect buffer-sizes.
+ We only initialise the "unused" part of the buffer here, a) for
+ efficiency, and b) because dst==src is allowed, so initialising
+ the entire buffer would overwrite the source-string. Also, we
+ write a character rather than '\0' as this makes spotting these
+ problems in the results easier.
+ */
+ uint n= strlen(src) + 1;
+ if (n <= length)
+ memset(dst + n, (int) 'Z', length - n + 1);
#endif
-char *strmake(register char *dst, register const char *src, uint length)
-{
while (length--)
if (! (*dst++ = *src++))
return dst-1;