Skip to content

Commit 5d45418

Browse files
dr-mdr-m
committed
MDEV-6262 follow-up: Ensure NUL termination on strncpy()
1 parent 149b754 commit 5d45418

File tree

4 files changed

+15
-12
lines changed

4 files changed

+15
-12
lines changed

plugin/auth_pam/auth_pam.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
Copyright (c) 2011, 2012, Monty Program Ab
2+
Copyright (c) 2011, 2019, MariaDB Corporation.
33
44
This program is free software; you can redistribute it and/or modify
55
it under the terms of the GNU General Public License as published by
@@ -140,7 +140,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
140140

141141
if (new_username && strcmp(new_username, info->user_name))
142142
strncpy(info->authenticated_as, new_username,
143-
sizeof(info->authenticated_as));
143+
sizeof(info->authenticated_as)-1);
144144
info->authenticated_as[sizeof(info->authenticated_as)-1]= 0;
145145

146146
end:

plugin/server_audit/server_audit.c

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1056,15 +1056,16 @@ static int start_logging()
10561056
}
10571057
error_header();
10581058
fprintf(stderr, "logging started to the file %s.\n", alt_fname);
1059-
strncpy(current_log_buf, alt_fname, sizeof(current_log_buf));
1059+
strncpy(current_log_buf, alt_fname, sizeof(current_log_buf)-1);
10601060
current_log_buf[sizeof(current_log_buf)-1]= 0;
10611061
}
10621062
else if (output_type == OUTPUT_SYSLOG)
10631063
{
10641064
openlog(syslog_ident, LOG_NOWAIT, syslog_facility_codes[syslog_facility]);
10651065
error_header();
10661066
fprintf(stderr, "logging started to the syslog.\n");
1067-
strncpy(current_log_buf, "[SYSLOG]", sizeof(current_log_buf));
1067+
strncpy(current_log_buf, "[SYSLOG]", sizeof(current_log_buf)-1);
1068+
compile_time_assert(sizeof current_log_buf > sizeof "[SYSLOG]");
10681069
}
10691070
is_active= 1;
10701071
return 0;
@@ -2600,7 +2601,7 @@ static void update_file_path(MYSQL_THD thd,
26002601
internal_stop_logging= 0;
26012602
}
26022603

2603-
strncpy(path_buffer, new_name, sizeof(path_buffer));
2604+
strncpy(path_buffer, new_name, sizeof(path_buffer)-1);
26042605
path_buffer[sizeof(path_buffer)-1]= 0;
26052606
file_path= path_buffer;
26062607
exit_func:
@@ -2653,7 +2654,7 @@ static void update_incl_users(MYSQL_THD thd,
26532654
if (!maria_55_started || !debug_server_started)
26542655
flogger_mutex_lock(&lock_operations);
26552656
mark_always_logged(thd);
2656-
strncpy(incl_user_buffer, new_users, sizeof(incl_user_buffer));
2657+
strncpy(incl_user_buffer, new_users, sizeof(incl_user_buffer)-1);
26572658
incl_user_buffer[sizeof(incl_user_buffer)-1]= 0;
26582659
incl_users= incl_user_buffer;
26592660
user_coll_fill(&incl_user_coll, incl_users, &excl_user_coll, 1);
@@ -2672,7 +2673,7 @@ static void update_excl_users(MYSQL_THD thd __attribute__((unused)),
26722673
if (!maria_55_started || !debug_server_started)
26732674
flogger_mutex_lock(&lock_operations);
26742675
mark_always_logged(thd);
2675-
strncpy(excl_user_buffer, new_users, sizeof(excl_user_buffer));
2676+
strncpy(excl_user_buffer, new_users, sizeof(excl_user_buffer)-1);
26762677
excl_user_buffer[sizeof(excl_user_buffer)-1]= 0;
26772678
excl_users= excl_user_buffer;
26782679
user_coll_fill(&excl_user_coll, excl_users, &incl_user_coll, 0);
@@ -2804,7 +2805,7 @@ static void update_syslog_ident(MYSQL_THD thd __attribute__((unused)),
28042805
void *var_ptr __attribute__((unused)), const void *save)
28052806
{
28062807
char *new_ident= (*(char **) save) ? *(char **) save : empty_str;
2807-
strncpy(syslog_ident_buffer, new_ident, sizeof(syslog_ident_buffer));
2808+
strncpy(syslog_ident_buffer, new_ident, sizeof(syslog_ident_buffer)-1);
28082809
syslog_ident_buffer[sizeof(syslog_ident_buffer)-1]= 0;
28092810
syslog_ident= syslog_ident_buffer;
28102811
error_header();

storage/innobase/dict/dict0mem.cc

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
33
Copyright (c) 1996, 2016, Oracle and/or its affiliates. All Rights Reserved.
44
Copyright (c) 2012, Facebook Inc.
5-
Copyright (c) 2018, MariaDB Corporation.
5+
Copyright (c) 2018, 2019, MariaDB Corporation.
66
77
This program is free software; you can redistribute it and/or modify it under
88
the terms of the GNU General Public License as published by the Free Software
@@ -320,7 +320,8 @@ dict_mem_table_col_rename_low(
320320
ut_ad(to_len <= NAME_LEN);
321321

322322
char from[NAME_LEN + 1];
323-
strncpy(from, s, NAME_LEN + 1);
323+
strncpy(from, s, sizeof from - 1);
324+
from[sizeof from - 1] = '\0';
324325

325326
if (from_len == to_len) {
326327
/* The easy case: simply replace the column name in

storage/xtradb/dict/dict0mem.cc

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
33
Copyright (c) 1996, 2017, Oracle and/or its affiliates. All Rights Reserved.
44
Copyright (c) 2012, Facebook Inc.
5-
Copyright (c) 2018, MariaDB Corporation.
5+
Copyright (c) 2018, 2019, MariaDB Corporation.
66
77
This program is free software; you can redistribute it and/or modify it under
88
the terms of the GNU General Public License as published by the Free Software
@@ -321,7 +321,8 @@ dict_mem_table_col_rename_low(
321321
ut_ad(to_len <= NAME_LEN);
322322

323323
char from[NAME_LEN + 1];
324-
strncpy(from, s, NAME_LEN + 1);
324+
strncpy(from, s, sizeof from - 1);
325+
from[sizeof from - 1] = '\0';
325326

326327
if (from_len == to_len) {
327328
/* The easy case: simply replace the column name in

0 commit comments

Comments
 (0)