[MDEV-21084] Statement might be overflowing a buffer in strncat Created: 2019-11-19  Updated: 2019-11-27  Resolved: 2019-11-27

Status: Closed
Project: MariaDB Server
Component/s: Server, Storage Engine - Connect
Affects Version/s: 10.2.29
Fix Version/s: 10.2.30, 10.3.21, 10.4.11

Type: Bug Priority: Major
Reporter: Kristyna Streitova Assignee: Olivier Bertrand
Resolution: Fixed Votes: 0
Labels: buffer, overflow, server

Attachments: File mariadb-10.2.29-bufferoverflowstrncat.patch    

 Description   

Our checker detected a probable buffer overflow in a strncat call (storage/connect/reldef.cpp:503:63):

[ 3291s] I: Statement might be overflowing a buffer in strncat. Common mistake:
[ 3291s] BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
[ 3291s] GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
[ 3291s] E: mariadb bufferoverflowstrncat /home/abuild/rpmbuild/BUILD/mariadb-10.2.29/storage/connect/reldef.cpp:503:63

There are probably more such strncat calls in the MariaDB server, so it would be wise to revise all of them.
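The checker's BAD/GOOD lines state the rule but not the arithmetic behind it. The following C program is an added illustration, not part of this bug report, the attached patch, or the MariaDB sources; the function names (strncat_bytes_used, bad_form_overflows, append_bounded) are my own. The point it makes concrete: the third argument of strncat is the maximum number of characters to take from the source, not the size of the destination, and strncat then writes a terminating NUL on top of that, so strncat(buf, src, sizeof buf) can write up to strlen(buf) + sizeof buf + 1 bytes into a buffer of sizeof buf bytes. The overflow itself is computed rather than performed, so the program stays well-defined.

```c
#include <stdio.h>
#include <string.h>

/* Bytes that strncat(dst, src, n) occupies from dst[0] onward, derived from
 * the C standard semantics: it appends at most n characters of src after the
 * existing string, then always writes one NUL.  Pure arithmetic, so the
 * overflow can be shown without triggering undefined behaviour. */
size_t strncat_bytes_used(size_t dst_len, size_t src_len, size_t n)
{
    size_t copied = src_len < n ? src_len : n;
    return dst_len + copied + 1;            /* +1 for the NUL strncat writes */
}

/* Would the common mistake strncat(buf, src, sizeof buf) run past a buffer of
 * bufsize bytes that already holds `existing`?  Returns 1 if it overflows. */
int bad_form_overflows(size_t bufsize, const char *existing, const char *src)
{
    return strncat_bytes_used(strlen(existing), strlen(src), bufsize) > bufsize;
}

/* The GOOD form from the checker message, wrapped so the caller learns about
 * truncation.  Returns 1 if src was appended in full, 0 if it was truncated
 * (or if buf was not NUL-terminated within bufsize, in which case nothing is
 * appended because strlen(buf) already read past the end). */
int append_bounded(char *buf, size_t bufsize, const char *src)
{
    size_t used = strlen(buf);
    if (used >= bufsize)
        return 0;
    size_t room = bufsize - used - 1;       /* leave-over size, minus the NUL */
    strncat(buf, src, room);
    return strlen(src) <= room;
}

int main(void)
{
    /* Constructed sample: an 8-byte buffer holding "abc", and a 7-char suffix. */
    char buf[8] = "abc";
    const char *suffix = "defghij";

    printf("BAD  strncat(buf, src, sizeof buf) would use %zu of %zu bytes -> %s\n",
           strncat_bytes_used(strlen(buf), strlen(suffix), sizeof buf), sizeof buf,
           bad_form_overflows(sizeof buf, buf, suffix) ? "overflow" : "fits");

    int fit = append_bounded(buf, sizeof buf, suffix);
    printf("GOOD strncat(buf, src, sizeof buf - strlen(buf) - 1) -> \"%s\" (%s)\n",
           buf, fit ? "complete" : "truncated");
    return 0;
}
```

append_bounded returns a truncation flag because silently truncating a path or table name is the usual next bug after the overflow is fixed; callers that need the full string should check the return value rather than assume the GOOD form preserved it.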



 Comments   
Comment by Olivier Bertrand [ 2019-11-27 ]

Thanks for spotting this error. BTW I fixed a couple of similar errors.

Generated at Thu Feb 08 09:04:28 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.