Fixes to Coverity defects 83027 73421 72714 72671 72646 72642

2014-12-03 17:56:22 +02:00 · 2014-12-03 17:56:22 +02:00 · 1e2027f4dc
commit 1e2027f4dc
parent 89c3b01925
6 changed files with 11 additions and 11 deletions
--- a/log_manager/log_manager.cc
+++ b/log_manager/log_manager.cc
@ -3111,9 +3111,9 @@ static int find_last_seqno(
 		{
 			if (snstr != NULL && i == seqnoidx)
 			{
-				strcat(filename, snstr); /*< add sequence number */
+				strncat(filename, snstr, NAME_MAX); /*< add sequence number */
 			}
-			strcat(filename, p->sp_string);
+			strncat(filename, p->sp_string, NAME_MAX);
 			
 			if (p->sp_next == NULL)
 			{
--- a/server/core/modutil.c
+++ b/server/core/modutil.c
@ -293,7 +293,7 @@ GWBUF *modutil_create_mysql_err_msg(
 	const char	*msg)
 {
 	uint8_t		*outbuf = NULL;
-	uint8_t		mysql_payload_size = 0;
+	uint32_t		mysql_payload_size = 0;
 	uint8_t		mysql_packet_header[4];
 	uint8_t		*mysql_payload = NULL;
 	uint8_t		field_count = 0;
--- a/server/core/test/test_mysql_users.c
+++ b/server/core/test/test_mysql_users.c
@ -231,9 +231,9 @@ int set_and_get_mysql_users_wildcards(char *username, char *hostname, char *pass
 	service->users = mysql_users;

 	if (db_from != NULL)
-		strcpy(data->db, db_from);
+		strncpy(data->db, db_from,MYSQL_DATABASE_MAXLEN+1);
 	else
-		strcpy(data->db, "");
+		strncpy(data->db, "",MYSQL_DATABASE_MAXLEN+1);

 	/* freed by dcb_free(dcb) */
 	dcb->data = data;
--- a/server/modules/protocol/httpd.c
+++ b/server/modules/protocol/httpd.c
@ -177,7 +177,7 @@ HTTPD_session *client_data = NULL;
 		j++;
 	}

-	while (!ISspace(buf[j]) && (i < sizeof(url) - 1) && (j < sizeof(buf) - 1)) {
+	while ((j < sizeof(buf) - 1) && !ISspace(buf[j]) && (i < sizeof(url) - 1)) {
 		url[i] = buf[j];
 		i++; j++;
 	}
--- a/server/modules/protocol/mysql_backend.c
+++ b/server/modules/protocol/mysql_backend.c
@ -1329,7 +1329,7 @@ static int gw_change_user(

 	/* now get the user, after 4 bytes header and 1 byte command */
 	client_auth_packet += 5;
-	strcpy(username,  (char *)client_auth_packet);
+	strncpy(username,  (char *)client_auth_packet,MYSQL_USER_MAXLEN+1);
 	client_auth_packet += strlen(username) + 1;

 	/* get the auth token len */
@ -1350,7 +1350,7 @@ static int gw_change_user(
        }

 	/* get new database name */
-	strcpy(database, (char *)client_auth_packet);
+		strncpy(database, (char *)client_auth_packet,MYSQL_DATABASE_MAXLEN+1);

 	/* get character set */
 	if (strlen(database)) {
@ -1363,7 +1363,7 @@ static int gw_change_user(
 		memcpy(&backend_protocol->charset, client_auth_packet, sizeof(int));

 	/* save current_database name */
-	strcpy(current_database, current_session->db);
+	strncpy(current_database, current_session->db,MYSQL_DATABASE_MAXLEN+1);

 	/*
 	 * Now clear database name in dcb as we don't do local authentication on db name for change user.
--- a/server/modules/protocol/mysql_common.c
+++ b/server/modules/protocol/mysql_common.c
@ -969,7 +969,7 @@ GWBUF* mysql_create_custom_error(
        const char* msg)
 {
        uint8_t*     outbuf = NULL;
-        uint8_t      mysql_payload_size = 0;
+        uint32_t      mysql_payload_size = 0;
        uint8_t      mysql_packet_header[4];
        uint8_t*     mysql_payload = NULL;
        uint8_t      field_count = 0;
@ -1579,7 +1579,7 @@ mysql_send_auth_error (
        const char  *mysql_message) 
 {
        uint8_t *outbuf = NULL;
-        uint8_t mysql_payload_size = 0;
+        uint32_t mysql_payload_size = 0;
        uint8_t mysql_packet_header[4];
        uint8_t *mysql_payload = NULL;
        uint8_t field_count = 0;