Overview

File mariadb-5.1.50-strncat-overflow.patch of Package mariadb.import4864

PATCH-P0-FIX-UPSTREAM: Fix possible buffer overflow

strncat function is used with n not depending on current length of string we
are appending to. Result might be buffer overflow.

Maintainer: Michal Hrusecky <mhrusecky@suse.cz>

Index: mysys/mf_loadpath.c
===================================================================
--- mysys/mf_loadpath.c.orig
+++ mysys/mf_loadpath.c
@@ -45,7 +45,7 @@ char * my_load_path(char * to, const cha
     if (! my_getwd(buff,(uint) (FN_REFLEN-strlen(path)+is_cur),MYF(0)))
     {
       size_t length= strlen(buff);
-      (void) strmake(buff + length, path+is_cur, FN_REFLEN - length);
+      (void) strmake(buff + length, path+is_cur, FN_REFLEN - strlen(buff) - length);
     }
     else
       from= path;                           /* Return org file name */
openSUSE Build Service is sponsored by
Places