diff --git a/server/core/adminusers.c b/server/core/adminusers.c index 2f1bc8fe8..777eee829 100644 --- a/server/core/adminusers.c +++ b/server/core/adminusers.c @@ -253,7 +253,9 @@ char* admin_remove_user( /** * Open passwd file and remove user from the file. */ - if ((home = getenv("MAXSCALE_HOME")) != NULL && strlen(home) < 1024) { + if ((home = getenv("MAXSCALE_HOME")) != NULL && + strnlen(home,PATH_MAX) < PATH_MAX && + strnlen(home,PATH_MAX) > 0) { sprintf(fname, "%s/etc/passwd", home); sprintf(fname_tmp, "%s/etc/passwd_tmp", home); } else { diff --git a/server/modules/routing/binlog/blr_file.c b/server/modules/routing/binlog/blr_file.c index b48ed6b41..880dadd37 100644 --- a/server/modules/routing/binlog/blr_file.c +++ b/server/modules/routing/binlog/blr_file.c @@ -71,7 +71,7 @@ static void blr_log_header(logfile_id_t file, char *msg, uint8_t *ptr); int blr_file_init(ROUTER_INSTANCE *router) { -char *ptr, path[1024], filename[1050]; +char *ptr, path[1025], filename[1051]; int file_found, n = 1; int root_len, i; DIR *dirp; @@ -80,12 +80,12 @@ struct dirent *dp; if (router->binlogdir == NULL) { strcpy(path, "/usr/local/skysql/MaxScale"); - if ((ptr = getenv("MAXSCALE_HOME")) != NULL) + if ((ptr = getenv("MAXSCALE_HOME")) != NULL && strnlen(ptr,1025) < 1025) { strncpy(path, ptr,PATH_MAX); } - strcat(path, "/"); - strcat(path, router->service->name); + strncat(path, "/",1024); + strncat(path, router->service->name,1024); if (access(path, R_OK) == -1) mkdir(path, 0777); @@ -196,7 +196,7 @@ unsigned char magic[] = BINLOG_MAGIC; fsync(fd); close(router->binlog_fd); spinlock_acquire(&router->binlog_lock); - strncpy(router->binlog_name, file,BINLOG_FNAMELEN+1); + strncpy(router->binlog_name, file,BINLOG_FNAMELEN); router->binlog_position = 4; /* Initial position after the magic number */ spinlock_release(&router->binlog_lock); router->binlog_fd = fd; @@ -230,7 +230,7 @@ int fd; fsync(fd); close(router->binlog_fd); spinlock_acquire(&router->binlog_lock); - strncpy(router->binlog_name, file,BINLOG_FNAMELEN+1); + strncpy(router->binlog_name, file,BINLOG_FNAMELEN); router->binlog_position = lseek(fd, 0L, SEEK_END); spinlock_release(&router->binlog_lock); router->binlog_fd = fd; @@ -290,7 +290,7 @@ blr_file_flush(ROUTER_INSTANCE *router) BLFILE * blr_open_binlog(ROUTER_INSTANCE *router, char *binlog) { -char path[1024]; +char path[1025]; BLFILE *file; spinlock_acquire(&router->fileslock); @@ -315,9 +315,9 @@ BLFILE *file; file->cache = 0; spinlock_init(&file->lock); - strcpy(path, router->binlogdir); - strcat(path, "/"); - strcat(path, binlog); + strncpy(path, router->binlogdir,1024); + strncat(path, "/",1024); + strncat(path, binlog,1024); if ((file->fd = open(path, O_RDONLY, 0666)) == -1) { @@ -630,7 +630,7 @@ struct stat statb; void blr_cache_response(ROUTER_INSTANCE *router, char *response, GWBUF *buf) { -char path[4096], *ptr; +char path[4097], *ptr; int fd; strcpy(path, "/usr/local/skysql/MaxScale"); diff --git a/server/modules/routing/maxinfo/maxinfo_parse.c b/server/modules/routing/maxinfo/maxinfo_parse.c index 06e27dd75..d7035dcc2 100644 --- a/server/modules/routing/maxinfo/maxinfo_parse.c +++ b/server/modules/routing/maxinfo/maxinfo_parse.c @@ -137,35 +137,35 @@ parse_column_list(char **ptr) int token, lookahead; char *text, *text2; MAXINFO_TREE *tree = NULL; - +MAXINFO_TREE * rval = NULL; *ptr = fetch_token(*ptr, &token, &text); *ptr = fetch_token(*ptr, &lookahead, &text2); switch (token) { case LT_STRING: - free(text2); switch (lookahead) { case LT_COMMA: - return make_tree_node(MAXOP_COLUMNS, text, NULL, + rval = make_tree_node(MAXOP_COLUMNS, text, NULL, parse_column_list(ptr)); case LT_FROM: - return make_tree_node(MAXOP_COLUMNS, text, NULL, + rval = make_tree_node(MAXOP_COLUMNS, text, NULL, NULL); default: - free(text); + break; } break; case LT_STAR: - free(text); - free(text2); if (lookahead != LT_FROM) - return make_tree_node(MAXOP_ALL_COLUMNS, NULL, NULL, + rval = make_tree_node(MAXOP_ALL_COLUMNS, NULL, NULL, NULL); + break; default: - free(text2); + break; } - return NULL; + free(text); + free(text2); + return rval; }