Skip to content

Commit

Permalink
Fix buffer overrun
Browse files Browse the repository at this point in the history
  • Loading branch information
@lurcher
lurcher committed Jun 2, 2022
1 parent 2ff6c44 commit c6c5471
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 5 deletions.
7 changes: 6 additions & 1 deletion DriverManager/SQLConnect.c
View file
Expand Up @@ -2400,10 +2400,15 @@ int __connect_part_two( DMHDBC connection )
#endif
if ( !(connection -> cl_handle = odbc_dlopen( name, &err )))
{
char txt[ 256 ];
char txt[ 1024 ];

#ifdef HAVE_SNPRINTF
snprintf( txt, sizeof( txt ), "Can't open cursor lib '%s' : %s",
name, err ? err : "NULL ERROR RETURN" );
#else
sprintf( txt, "Can't open cursor lib '%s' : %s",
name, err ? err : "NULL ERROR RETURN" );
#endif

dm_log_write( __FILE__,
__LINE__,
Expand Down
8 changes: 4 additions & 4 deletions exe/iusql.c
View file
Expand Up @@ -355,7 +355,7 @@ static int OpenDatabase( SQLHENV *phEnv, SQLHDBC *phDbc, char *szDSN, char *szUI
{
SQLCHAR dsn[ 1024 ], uid[ 1024 ], pwd[ 1024 ];
SQLTCHAR cstr[ 1024 ];
char zcstr[ 1024 ], tmp[ 1024 ];
char zcstr[ 1024 * 2 ], tmp[ 1024 * 8 ];
int i;
size_t zclen;

Expand All @@ -376,7 +376,7 @@ static int OpenDatabase( SQLHENV *phEnv, SQLHDBC *phDbc, char *szDSN, char *szUI
if ( szDSN )
{
size_t DSNlen=strlen( szDSN );
for ( i = 0; i < DSNlen; i ++ )
for ( i = 0; i < DSNlen && i < sizeof( dsn ) - 1; i ++ )
{
dsn[ i ] = szDSN[ i ];
}
Expand All @@ -390,7 +390,7 @@ static int OpenDatabase( SQLHENV *phEnv, SQLHDBC *phDbc, char *szDSN, char *szUI
if ( szUID )
{
size_t UIDlen=strlen( szUID );
for ( i = 0; i < UIDlen; i ++ )
for ( i = 0; i < UIDlen && i < sizeof( uid ) - 1; i ++ )
{
uid[ i ] = szUID[ i ];
}
Expand All @@ -404,7 +404,7 @@ static int OpenDatabase( SQLHENV *phEnv, SQLHDBC *phDbc, char *szDSN, char *szUI
if ( szPWD )
{
size_t PWDlen=strlen( szPWD );
for ( i = 0; i < PWDlen; i ++ )
for ( i = 0; i < PWDlen && i < sizeof( pwd ) - 1; i ++ )
{
pwd[ i ] = szPWD[ i ];
}
Expand Down

0 comments on commit c6c5471

Please sign in to comment.