The strncat() method doesn't take into account the size of the existi…

…ng string so make sure that has been addressed as well (#69).
oracle · Aug 7, 2018 · 58e1201 · 58e1201
1 parent ccc448f
commit 58e1201
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/src/dpiOci.c b/src/dpiOci.c
@@ -1426,16 +1426,17 @@ static int dpiOci__findAndCheckDllArchitecture(const char *dllName,
         temp = strrchr(fullName, '\\');
         if (temp) {
             *(temp + 1) = '\0';
-            strncat(fullName, dllName, sizeof(fullName) - 1);
+            strncat(fullName, dllName,
+                    sizeof(fullName) - strlen(fullName) - 1);
             if (dpiOci__checkDllArchitecture(fullName) == 0)
                 found = 1;
         }
     }
 
     // check current directory
     if (!found && GetCurrentDirectory(sizeof(fullName), fullName) != 0) {
-        strncat(fullName, "\\", sizeof(fullName) - 1);
-        strncat(fullName, dllName, sizeof(fullName) - 1);
+        temp = fullName + strlen(fullName);
+        snprintf(temp, sizeof(fullName) - strlen(fullName), "\\%s", dllName);
         if (dpiOci__checkDllArchitecture(fullName) == 0)
             found = 1;
     }
@@ -1552,7 +1553,8 @@ static void dpiOci__loadLibOnWindows(const char *dllName)
             temp = strrchr(moduleName, '\\');
             if (temp) {
                 *(temp + 1) = '\0';
-                strncat(moduleName, dllName, sizeof(moduleName) - 1);
+                strncat(moduleName, dllName,
+                        sizeof(moduleName) - strlen(moduleName) - 1);
                 dpiOciLibHandle = LoadLibrary(moduleName);
             }
         }