From c6c5471266c1641e2a4d47f1f5819009e10f8439 Mon Sep 17 00:00:00 2001
From: lurcher <nick@lurcher.org>
Date: Thu, 2 Jun 2022 09:17:39 +0100
Subject: [PATCH] Fix buffer overrun

---
 DriverManager/SQLConnect.c | 7 ++++++-
 exe/iusql.c                | 8 ++++----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/DriverManager/SQLConnect.c b/DriverManager/SQLConnect.c
index 6994aa4..48a5de8 100644
--- a/DriverManager/SQLConnect.c
+++ b/DriverManager/SQLConnect.c
@@ -2400,10 +2400,15 @@ int __connect_part_two( DMHDBC connection )
 #endif
             if ( !(connection -> cl_handle = odbc_dlopen( name, &err )))
             {
-                char txt[ 256 ];
+                char txt[ 1024 ];
 
+#ifdef HAVE_SNPRINTF
+                snprintf( txt, sizeof( txt ), "Can't open cursor lib '%s' : %s", 
+                    name, err ? err : "NULL ERROR RETURN" );
+#else
                 sprintf( txt, "Can't open cursor lib '%s' : %s", 
                     name, err ? err : "NULL ERROR RETURN" );
+#endif
 
                 dm_log_write( __FILE__,
                         __LINE__,
diff --git a/exe/iusql.c b/exe/iusql.c
index 6e2085e..59573d0 100644
--- a/exe/iusql.c
+++ b/exe/iusql.c
@@ -355,7 +355,7 @@ static int OpenDatabase( SQLHENV *phEnv, SQLHDBC *phDbc, char *szDSN, char *szUI
 {
     SQLCHAR dsn[ 1024 ], uid[ 1024 ], pwd[ 1024 ];
     SQLTCHAR cstr[ 1024 ];
-    char zcstr[ 1024 ], tmp[ 1024 ];
+    char zcstr[ 1024 * 2 ], tmp[ 1024 * 8 ];
     int i;
     size_t zclen;
 
@@ -376,7 +376,7 @@ static int OpenDatabase( SQLHENV *phEnv, SQLHDBC *phDbc, char *szDSN, char *szUI
     if ( szDSN )
     {
         size_t DSNlen=strlen( szDSN );
-        for ( i = 0; i < DSNlen; i ++ )
+        for ( i = 0; i < DSNlen && i < sizeof( dsn ) - 1; i ++ )
         {
             dsn[ i ] = szDSN[ i ];
         }
@@ -390,7 +390,7 @@ static int OpenDatabase( SQLHENV *phEnv, SQLHDBC *phDbc, char *szDSN, char *szUI
     if ( szUID )
     {
         size_t UIDlen=strlen( szUID );
-        for ( i = 0; i < UIDlen; i ++ )
+        for ( i = 0; i < UIDlen && i < sizeof( uid ) - 1; i ++ )
         {
             uid[ i ] = szUID[ i ];
         }
@@ -404,7 +404,7 @@ static int OpenDatabase( SQLHENV *phEnv, SQLHDBC *phDbc, char *szDSN, char *szUI
     if ( szPWD )
     {
         size_t PWDlen=strlen( szPWD );
-        for ( i = 0; i < PWDlen; i ++ )
+        for ( i = 0; i < PWDlen && i < sizeof( pwd ) - 1; i ++ )
         {
             pwd[ i ] = szPWD[ i ];
         }