From f0da39be7fff39f0ee47abe272e0ef96f229c7e3 Mon Sep 17 00:00:00 2001 From: Olivier Bertrand Date: Tue, 26 Nov 2019 19:22:46 +0100 Subject: - Fix MDEV-13782 Problem with NOT LIKE queries. modified: storage/connect/ha_connect.cc modified: sql/item_cmpfunc.h - Fix MDEV-21084 Misusage of strncat could cause buffer overflow. modified: storage/connect/reldef.cpp modified: storage/connect/tabcmg.cpp modified: storage/connect/tabjson.cpp modified: storage/connect/tabrest.cpp modified: storage/connect/tabxml.cpp --- storage/connect/tabrest.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'storage/connect/tabrest.cpp') diff --git a/storage/connect/tabrest.cpp b/storage/connect/tabrest.cpp index fe81c0a65be..f9acbc28ddc 100644 --- a/storage/connect/tabrest.cpp +++ b/storage/connect/tabrest.cpp @@ -162,7 +162,7 @@ PQRYRES __stdcall ColREST(PGLOBAL g, PTOS tp, char *tab, char *db, bool info) // We used the file name relative to recorded datapath strcat(strcat(strcat(strcpy(filename, "."), slash), db), slash); - strncat(filename, fn, _MAX_PATH); + strncat(filename, fn, _MAX_PATH - strlen(filename)); // Retrieve the file from the web and copy it locally if (http && grf(g->Message, trace(515), http, uri, filename)) { @@ -221,7 +221,8 @@ bool RESTDEF::DefineAM(PGLOBAL g, LPCSTR am, int poff) // We used the file name relative to recorded datapath //PlugSetPath(filename, Fn, GetPath()); - strncat(strcpy(filename, GetPath()), Fn, _MAX_PATH); + strcpy(filename, GetPath()); + strncat(filename, Fn, _MAX_PATH - strlen(filename)); // Retrieve the file from the web and copy it locally rc = grf(g->Message, xt, Http, Uri, filename); -- cgit v1.2.1