Skip to content

M
mariadb
Commit dc8a0df0 authored by Olivier Bertrand's avatar Olivier Bertrand
Browse files
Options

PATCH-P0-FIX-UPSTREAM: Fix possible buffer overflow (MDEV-8317) 

Maintainer: Michal Hrusecky <Michal.Hrusecky@opensuse.org>
(modified by O. Bertrand --> adding and using the XSTR macro)
  modified:   storage/connect/tabxml.cpp
parent b35f9972
Hide whitespace changes
Inline Side-by-side
Showing with 9 additions and 7 deletions
storage/connect/tabxml.cpp
View file @ dc8a0df0
...@@ -60,6 +60,7 @@ extern "C" char version[]; ...@@ -60,6 +60,7 @@ extern "C" char version[];
#endif // !__WIN__ #endif // !__WIN__
#define TYPE_UNKNOWN 12 /* Must be greater than other types */ #define TYPE_UNKNOWN 12 /* Must be greater than other types */
#define XSTR(M) sizeof(M) - strlen(M) - 1 /* To avoid overflow*/
/***********************************************************************/ /***********************************************************************/
/* Class and structure used by XMLColumns. */ /* Class and structure used by XMLColumns. */
...@@ -225,30 +226,30 @@ PQRYRES XMLColumns(PGLOBAL g, char *db, char *tab, PTOS topt, bool info) ...@@ -225,30 +226,30 @@ PQRYRES XMLColumns(PGLOBAL g, char *db, char *tab, PTOS topt, bool info)
more: more:
if (vp->atp) { if (vp->atp) {
strncpy(colname, vp->atp->GetName(g), sizeof(colname)); strncpy(colname, vp->atp->GetName(g), sizeof(colname));
strncat(xcol->Name, colname, 64); strncat(xcol->Name, colname, XSTR(xcol->Name));
switch (vp->atp->GetText(g, buf, sizeof(buf))) { switch (vp->atp->GetText(g, buf, sizeof(buf))) {
case RC_INFO: case RC_INFO:
PushWarning(g, txmp); PushWarning(g, txmp);
case RC_OK: case RC_OK:
strncat(fmt, "@", sizeof(fmt)); strncat(fmt, "@", XSTR(fmt));
break; break;
default: default:
goto err; goto err;
} // enswitch rc } // enswitch rc
if (j) if (j)
strncat(fmt, colname, sizeof(fmt)); strncat(fmt, colname, XSTR(fmt));
} else { } else {
if (tdp->Usedom && node->GetType() != 1) if (tdp->Usedom && node->GetType() != 1)
continue; continue;
strncpy(colname, node->GetName(g), sizeof(colname)); strncpy(colname, node->GetName(g), sizeof(colname));
strncat(xcol->Name, colname, 64); strncat(xcol->Name, colname, XSTR(xcol->Name));
if (j) if (j)
strncat(fmt, colname, sizeof(fmt)); strncat(fmt, colname, XSTR(fmt));
if (j < lvl && ok) { if (j < lvl && ok) {
vp = lvlp[j+1]; vp = lvlp[j+1];
...@@ -266,8 +267,9 @@ PQRYRES XMLColumns(PGLOBAL g, char *db, char *tab, PTOS topt, bool info) ...@@ -266,8 +267,9 @@ PQRYRES XMLColumns(PGLOBAL g, char *db, char *tab, PTOS topt, bool info)
if (!vp->atp) if (!vp->atp)
node = vp->nl->GetItem(g, vp->k++, node); node = vp->nl->GetItem(g, vp->k++, node);
strncat(strncat(fmt, colname, 125), "/", 125); strncat(fmt, colname, XSTR(fmt));
strncat(xcol->Name, "_", 64); strncat(fmt, "/", XSTR(fmt));
strncat(xcol->Name, "_", XSTR(xcol->Name));
j++; j++;
vp->n = (int)strlen(xcol->Name); vp->n = (int)strlen(xcol->Name);
vp->m = (int)strlen(fmt); vp->m = (int)strlen(fmt);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7