Commit 8c9fd074 authored by Olivier Bertrand's avatar Olivier Bertrand

- Fix MDEV-9779. Avoid buffer overflow when setting partname.

  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/ha_connect.h
parent 2c4715b3
...@@ -757,7 +757,7 @@ ha_connect::ha_connect(handlerton *hton, TABLE_SHARE *table_arg) ...@@ -757,7 +757,7 @@ ha_connect::ha_connect(handlerton *hton, TABLE_SHARE *table_arg)
sdvalout= NULL; sdvalout= NULL;
xmod= MODE_ANY; xmod= MODE_ANY;
istable= false; istable= false;
*partname= 0; memset(partname, 0, sizeof(partname));
bzero((char*) &xinfo, sizeof(XINFO)); bzero((char*) &xinfo, sizeof(XINFO));
valid_info= false; valid_info= false;
valid_query_id= 0; valid_query_id= 0;
...@@ -3123,13 +3123,14 @@ int ha_connect::open(const char *name, int mode, uint test_if_locked) ...@@ -3123,13 +3123,14 @@ int ha_connect::open(const char *name, int mode, uint test_if_locked)
#if defined(WITH_PARTITION_STORAGE_ENGINE) #if defined(WITH_PARTITION_STORAGE_ENGINE)
if (table->part_info) { if (table->part_info) {
if (GetStringOption("Filename") || GetStringOption("Tabname") if (GetStringOption("Filename") || GetStringOption("Tabname")
|| GetStringOption("Connect")) { || GetStringOption("Connect")) {
strcpy(partname, decode(g, strrchr(name, '#') + 1)); strncpy(partname, decode(g, strrchr(name, '#') + 1), sizeof(partname) - 1);
// strcpy(partname, table->part_info->curr_part_elem->partition_name); // strcpy(partname, table->part_info->curr_part_elem->partition_name);
part_id= &table->part_info->full_part_field_set; // part_id= &table->part_info->full_part_field_set;
} else // Inward table } else // Inward table
strcpy(partname, strrchr(name, slash) + 1); strncpy(partname, strrchr(name, slash) + 1, sizeof(partname) - 1);
part_id= &table->part_info->full_part_field_set; // Temporary
part_id= &table->part_info->full_part_field_set; // Temporary
} // endif part_info } // endif part_info
#endif // WITH_PARTITION_STORAGE_ENGINE #endif // WITH_PARTITION_STORAGE_ENGINE
} else } else
...@@ -6144,7 +6145,7 @@ int ha_connect::create(const char *name, TABLE *table_arg, ...@@ -6144,7 +6145,7 @@ int ha_connect::create(const char *name, TABLE *table_arg,
strcpy(dbpath, name); strcpy(dbpath, name);
p= strrchr(dbpath, slash); p= strrchr(dbpath, slash);
strcpy(partname, ++p); strncpy(partname, ++p, sizeof(partname) - 1);
strcat(strcat(strcpy(buf, p), "."), lwt); strcat(strcat(strcpy(buf, p), "."), lwt);
*p= 0; *p= 0;
} else { } else {
...@@ -6195,7 +6196,7 @@ int ha_connect::create(const char *name, TABLE *table_arg, ...@@ -6195,7 +6196,7 @@ int ha_connect::create(const char *name, TABLE *table_arg,
#if defined(WITH_PARTITION_STORAGE_ENGINE) #if defined(WITH_PARTITION_STORAGE_ENGINE)
if (part_info && !inward) if (part_info && !inward)
strcpy(partname, decode(g, strrchr(name, '#') + 1)); strncpy(partname, decode(g, strrchr(name, '#') + 1), sizeof(partname) - 1);
// strcpy(partname, part_info->curr_part_elem->partition_name); // strcpy(partname, part_info->curr_part_elem->partition_name);
#endif // WITH_PARTITION_STORAGE_ENGINE #endif // WITH_PARTITION_STORAGE_ENGINE
...@@ -6236,8 +6237,9 @@ int ha_connect::create(const char *name, TABLE *table_arg, ...@@ -6236,8 +6237,9 @@ int ha_connect::create(const char *name, TABLE *table_arg,
#if defined(WITH_PARTITION_STORAGE_ENGINE) #if defined(WITH_PARTITION_STORAGE_ENGINE)
if (part_info) if (part_info)
strcpy(partname, strncpy(partname,
decode(g, strrchr(name, (inward ? slash : '#')) + 1)); decode(g, strrchr(name, (inward ? slash : '#')) + 1),
sizeof(partname) - 1);
#endif // WITH_PARTITION_STORAGE_ENGINE #endif // WITH_PARTITION_STORAGE_ENGINE
if ((rc= optimize(table->in_use, NULL))) { if ((rc= optimize(table->in_use, NULL))) {
......
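Review bot: The `strncpy(partname, ..., sizeof(partname) - 1)` calls in open() and create() never write the last byte of the buffer, so termination depends on the constructor's `memset(partname, 0, sizeof(partname))` remaining the only writer of that byte, and an over-long name is truncated with no error. Setting the terminator at each copy site, `partname[sizeof(partname) - 1]= 0;`, or rejecting a name that does not fit, would make each site safe on its own and keep a shortened partition name from being used later. In the create() hunk at 6145 the adjacent `strcpy(dbpath, name)` and `strcat(strcat(strcpy(buf, p), "."), lwt)` are still unbounded copies derived from the same `name`; the sizes of `dbpath` and `buf` are not visible here, so they should be checked against the longest path the server can pass. The `strrchr(name, '#') + 1` and `strrchr(name, slash) + 1` expressions also assume the separator is always present, which a null check before the copy would cover. These functions begin and end outside the hunks shown.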
...@@ -554,7 +554,7 @@ int index_prev(uchar *buf); ...@@ -554,7 +554,7 @@ int index_prev(uchar *buf);
PVAL sdvalin4; // Used to convert date values PVAL sdvalin4; // Used to convert date values
PVAL sdvalout; // Used to convert date values PVAL sdvalout; // Used to convert date values
bool istable; // True for table handler bool istable; // True for table handler
char partname[128]; // The partition name char partname[65]; // The partition name
MODE xmod; // Table mode MODE xmod; // Table mode
XINFO xinfo; // The table info structure XINFO xinfo; // The table info structure
bool valid_info; // True if xinfo is valid bool valid_info; // True if xinfo is valid
......
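Review bot: The `partname` declaration appears with both 128 and 65 as its size. If 65 is the new value, the buffer shrinks in the same commit that starts truncating to `sizeof(partname) - 1`, so names that used to fit are now cut at 64 bytes. The inward-table branch of open() copies everything after the last path separator, which presumably carries the table name together with the partition suffix, and decode() output may be multi-byte, so 64 bytes could be too few for valid names. Stating the bound in the member comment, e.g. `// The partition name (at most sizeof-1 bytes, always NUL-terminated)`, and deriving the size from the server's name-length constant (such as `NAME_LEN + 1`, to be confirmed against what decode() returns) instead of a literal would make the limit checkable.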