Overview

File unixODBC-2.2.12-CVE-2011-1145.patch of Package unixODBC

--- trunk/DriverManager/SQLDriverConnect.c	2011/01/12 15:50:07	23
+++ trunk/DriverManager/SQLDriverConnect.c	2011/03/09 15:38:55	27
@@ -664,7 +664,7 @@
 {
     DMHDBC connection = (DMHDBC)hdbc;
     struct con_struct con_struct;
-    char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ 128 ];
+    char *driver, *dsn = NULL, *filedsn, *tsavefile, savefile[ INI_MAX_PROPERTY_VALUE + 1 ];
     char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ];
     char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ];
     SQLRETURN ret_from_connect;
@@ -969,7 +969,13 @@
     tsavefile = __get_attribute_value( &con_struct, "SAVEFILE" );
     if ( tsavefile )
     {
-        strcpy( savefile, tsavefile );
+        if ( strlen( tsavefile ) > INI_MAX_PROPERTY_VALUE ) {
+            memcpy( savefile, tsavefile, INI_MAX_PROPERTY_VALUE );
+            savefile[ INI_MAX_PROPERTY_VALUE ] = '\0';
+        }
+        else {
+            strcpy( savefile, tsavefile );
+        }
     }
     else
     {
openSUSE Build Service is sponsored by
Places