arastorage/lexer : add checking the length of input data before alloc…

…ating it to buffer with fixed si$

. Description
  - next_string
     Function next_string that provides next lexem during AQL analysis tries to memcpy input data (part of AQL files) into fixed size buffer.
     Allocated buffer can fit only DB_MAX_ELEMENT_SIZE (32) bytes and the check is missing.
  - next_token
     Function next_token that provides next token during AQL analysis tries to memcpy input data (part of AQL files) into fixed size buffer.
     Allocated buffer can fit only DB_MAX_ELEMENT_SIZE (32) bytes and the check is missing.

. Mitigation
   The size of input string should be limited to DB_MAX_ELEMENT_SIZE.

framework/src/arastorage/aql_lexer.c

@@ -62,6 +62,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include "aql.h"
+#include "db_options.h"
 
 /****************************************************************************
  * Private Types
@@ -217,6 +218,11 @@ static int next_string(lexer_t *lexer, const char *s)
 	*lexer->token = STRING_VALUE;
 	lexer->input = end + 1;		/* Skip the closing delimiter. */
 
+	/* The size of value is DB_MAX_ELEMENT_SIZE defined in db_options.h */
+	if (length >= DB_MAX_ELEMENT_SIZE) {
+		return -1;
+	}
+
 	memcpy(lexer->value, s, length);
 	(*lexer->value)[length] = '\0';
 
@@ -245,6 +251,11 @@ static int next_token(lexer_t *lexer, const char *s)
 
 	*lexer->token = IDENTIFIER;
 
+	/* The size of value is DB_MAX_ELEMENT_SIZE defined in db_options.h */
+	if (length >= DB_MAX_ELEMENT_SIZE) {
+		return -1;
+	}
+
 	memcpy(lexer->value, s, length);
 	(*lexer->value)[length] = '\0';