From e94166760e0778827b6b4fc205bfe7ad4b7e58ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?= <grubba@grubba.org> Date: Fri, 15 May 1998 21:29:10 +0200 Subject: [PATCH] Added some paranoia. Rev: src/modules/Mysql/mysql.c:1.21 Rev: src/modules/system/system.c:1.51 Rev: src/object.c:1.50 --- src/modules/Mysql/mysql.c | 70 ++++++++++++++++++++++++++++--------- src/modules/system/system.c | 19 +++++++--- src/object.c | 17 ++++++--- 3 files changed, 80 insertions(+), 26 deletions(-) diff --git a/src/modules/Mysql/mysql.c b/src/modules/Mysql/mysql.c index 82b25ec445..bacd55a30a 100644 --- a/src/modules/Mysql/mysql.c +++ b/src/modules/Mysql/mysql.c @@ -1,5 +1,5 @@ /* - * $Id: mysql.c,v 1.20 1998/05/07 18:40:58 grubba Exp $ + * $Id: mysql.c,v 1.21 1998/05/15 19:19:44 grubba Exp $ * * SQL database functionality for Pike * @@ -73,7 +73,7 @@ typedef struct dynamic_buffer_s dynamic_buffer; * Globals */ -RCSID("$Id: mysql.c,v 1.20 1998/05/07 18:40:58 grubba Exp $"); +RCSID("$Id: mysql.c,v 1.21 1998/05/15 19:19:44 grubba Exp $"); /* **! module Mysql @@ -85,7 +85,7 @@ RCSID("$Id: mysql.c,v 1.20 1998/05/07 18:40:58 grubba Exp $"); **! see also: Mysql.mysql, Mysql.result, Sql.sql **! **! note -**! $Id: mysql.c,v 1.20 1998/05/07 18:40:58 grubba Exp $ +**! $Id: mysql.c,v 1.21 1998/05/15 19:19:44 grubba Exp $ **! class mysql **! **! Mysql.mysql is a pre-compiled Pike program. It enables @@ -275,7 +275,11 @@ static void pike_mysql_reconnect(void) mysql_close(socket); MYSQL_DISALLOW(); - error("Mysql.mysql(): Couldn't select database \"%s\"\n", database); + if (strlen(database) < 1024) { + error("Mysql.mysql(): Couldn't select database \"%s\"\n", database); + } else { + error("Mysql.mysql(): Couldn't select database\n"); + } } } } 
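Review bot: The `1024` limit in the new `strlen(database) < 1024` guard in pike_mysql_reconnect is a bare literal, and nothing in this patch ties it to the size of whatever buffer error() formats into, so a later change on either side silently breaks the protection. The same literal is repeated in every guard this commit adds (f_create_db, f_drop_db, f_list_dbs, f_list_tables, f_list_fields, get_inet_addr, object_set_index2). Assuming error() hands its format to a printf-style formatter, a precision bound does the same job without the branch and still shows the start of the offending name: `error("Mysql.mysql(): Couldn't select database \"%.200s\"\n", database);` (200 is an illustrative value). If the branch is kept, a shared named constant defined next to error()'s buffer would keep the two in step. The body of pike_mysql_reconnect starts and ends outside the hunk.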
@@ -626,8 +630,13 @@ static void f_create_db(INT32 args) error("Bad argument 1 to mysql->create_db()\n"); } if (sp[-args].u.string->len > 127) { - error("Database name \"%s\" is too long (max 127 characters)\n", - sp[-args].u.string->str); + if (sp[-args].u.string->len < 1024) { + error("Database name \"%s\" is too long (max 127 characters)\n", + sp[-args].u.string->str); + } else { + error("Database name (length %d) is too long (max 127 characters)\n", + sp[-args].u.string->len); + } } database = sp[-args].u.string->str; @@ -684,8 +693,13 @@ static void f_drop_db(INT32 args) error("Bad argument 1 to mysql->drop_db()\n"); } if (sp[-args].u.string->len > 127) { - error("Database name \"%s\" is too long (max 127 characters)\n", - sp[-args].u.string->str); + if (sp[-args].u.string->len < 1024) { + error("Database name \"%s\" is too long (max 127 characters)\n", + sp[-args].u.string->str); + } else { + error("Database name (length %d) is too long (max 127 characters)\n", + sp[-args].u.string->len); + } } database = sp[-args].u.string->str; @@ -963,8 +977,13 @@ static void f_list_dbs(INT32 args) error("Bad argument 1 to mysql->list_dbs()\n"); } if (sp[-args].u.string->len > 80) { - error("Wildcard \"%s\" is too long (max 80 characters)\n", - sp[-args].u.string->str); + if (sp[-args].u.string->len < 1024) { + error("Wildcard \"%s\" is too long (max 80 characters)\n", + sp[-args].u.string->str); + } else { + error("Wildcard (length %d) is too long (max 80 characters)\n", + sp[-args].u.string->len); + } } wild = sp[-args].u.string->str; } 
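Review bot: The new fallback message in f_create_db passes `sp[-args].u.string->len` to a `%d` conversion, and the declared type of `len` is not visible in this patch; if it is not exactly `int` on every supported platform, the variadic call reads an argument of the wrong width. An explicit cast makes the call independent of that declaration: `error("Database name (length %ld) is too long (max 127 characters)\n", (long)sp[-args].u.string->len);`. The same applies to the length-reporting branches added in f_drop_db, f_list_dbs, f_list_tables and both f_list_fields hunks. The function bodies continue outside the hunks.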
@@ -1034,8 +1053,13 @@ static void f_list_tables(INT32 args) error("Bad argument 1 to mysql->list_tables()\n"); } if (sp[-args].u.string->len > 80) { - error("Wildcard \"%s\" is too long (max 80 characters)\n", - sp[-args].u.string->str); + if (sp[-args].u.string->len < 1024) { + error("Wildcard \"%s\" is too long (max 80 characters)\n", + sp[-args].u.string->str); + } else { + error("Wildcard (length %d) is too long (max 80 characters)\n", + sp[-args].u.string->len); + } } wild = sp[-args].u.string->str; } @@ -1138,8 +1162,13 @@ static void f_list_fields(INT32 args) error("Bad argument 1 to mysql->list_fields()\n"); } if (sp[-args].u.string->len > 125) { - error("Table name \"%s\" is too long (max 125 characters)\n", - sp[-args].u.string->str); + if (sp[-args].u.string->len < 1024) { + error("Table name \"%s\" is too long (max 125 characters)\n", + sp[-args].u.string->str); + } else { + error("Table name (length %d) is too long (max 125 characters)\n", + sp[-args].u.string->len); + } } table = sp[-args].u.string->str; if (args > 1) { @@ -1147,9 +1176,16 @@ static void f_list_fields(INT32 args) error("Bad argument 2 to mysql->list_fields()\n"); } if (sp[-args+1].u.string->len + sp[-args].u.string->len > 125) { - error("Wildcard \"%s\" + table name \"%s\" is too long " - "(max 125 characters)\n", - sp[-args+1].u.string->str, sp[-args].u.string->str); + /* The length of the table name has already been checked. */ + if (sp[-args+1].u.string->len < 1024) { + error("Wildcard \"%s\" + table name \"%s\" is too long " + "(max 125 characters)\n", + sp[-args+1].u.string->str, sp[-args].u.string->str); + } else { + error("Wildcard (length %d) + table name \"%s\" is too long " + "(max 125 characters)\n", + sp[-args+1].u.string->len, sp[-args].u.string->str); + } } wild = sp[-args+1].u.string->str; } diff --git a/src/modules/system/system.c b/src/modules/system/system.c index 136d0f6d94..3a3ac6c440 100644 --- a/src/modules/system/system.c +++ b/src/modules/system/system.c 
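Review bot: In the second f_list_fields hunk the new guard bounds only the wildcard, yet the message it protects formats two strings, so the output can carry up to 1023 bytes of wildcard plus up to 125 bytes of table name on top of the fixed text. If the 1024 threshold was chosen with the size of error()'s buffer in mind (that size is not visible here), this branch allows more than the single-string guards elsewhere in the commit do. Testing the sum keeps it in line with them: `if (sp[-args+1].u.string->len + sp[-args].u.string->len < 1024) {`. The added comment could also state what total length is being assumed, not only that the table name was checked earlier.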
@@ -1,5 +1,5 @@ /* - * $Id: system.c,v 1.50 1998/05/13 20:13:42 grubba Exp $ + * $Id: system.c,v 1.51 1998/05/15 19:25:32 grubba Exp $ * * System-call module for Pike * @@ -14,7 +14,7 @@ #include "system.h" #include "global.h" -RCSID("$Id: system.c,v 1.50 1998/05/13 20:13:42 grubba Exp $"); +RCSID("$Id: system.c,v 1.51 1998/05/15 19:25:32 grubba Exp $"); #ifdef HAVE_WINSOCK_H #include <winsock.h> #endif @@ -749,8 +749,13 @@ void get_inet_addr(struct sockaddr_in *addr,char *name) GETHOST_DECLARE; CALL_GETHOSTBYNAME(name); - if(!ret) - error("Invalid address '%s'\n",name); + if(!ret) { + if (strlen(name) < 1024) { + error("Invalid address '%s'\n",name); + } else { + error("Invalid address\n"); + } + } #ifdef HAVE_H_ADDR_LIST MEMCPY((char *)&(addr->sin_addr), @@ -762,7 +767,11 @@ void get_inet_addr(struct sockaddr_in *addr,char *name) ret->h_length); #endif #else - error("Invalid address '%s'\n",name); + if (strlen(name) < 1024) { + error("Invalid address '%s'\n",name); + } else { + error("Invalid address\n"); + } #endif } } diff --git a/src/object.c b/src/object.c index 07399449e6..6f864acef1 100644 --- a/src/object.c +++ b/src/object.c @@ -4,7 +4,7 @@ ||| See the files COPYING and DISCLAIMER for more information. \*/ #include "global.h" -RCSID("$Id: object.c,v 1.49 1998/04/26 11:42:00 hubbe Exp $"); +RCSID("$Id: object.c,v 1.50 1998/05/15 19:29:10 grubba Exp $"); #include "object.h" #include "dynamic_buffer.h" #include "interpret.h" @@ -617,8 +617,13 @@ void object_set_index2(struct object *o, { case T_STRING: f=find_shared_string_identifier(index->u.string, p); - if(f<0) - error("No such variable (%s) in object.\n", index->u.string->str); + if(f<0) { + if (index->u.string->len < 1024) { + error("No such variable (%s) in object.\n", index->u.string->str); + } else { + error("No such variable in object.\n"); + } + } break; case T_LVALUE: 
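Review bot: The copy into `addr->sin_addr` whose tail is visible at the top of the second get_inet_addr hunk takes its length from `ret->h_length`, a value that comes back from the resolver, and nothing visible in either hunk compares it with `sizeof(addr->sin_addr)`. A host entry with an address longer than the field would make that copy write past it, which is the same class of problem the new `strlen(name) < 1024` guards address for the message text. A check ahead of the copy would cover it, for example `if (ret->h_length > (int)sizeof(addr->sin_addr)) error("Invalid address\n");`. The lines between the two hunks are not shown, so confirm that no such check already exists there.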
@@ -631,7 +636,11 @@ void object_set_index2(struct object *o, if(f < 0) { - error("No such variable (%s) in object.\n", index->u.string->str); + if (index->u.string->len < 1024) { + error("No such variable (%s) in object.\n", index->u.string->str); + } else { + error("No such variable in object.\n"); + } }else{ object_low_set_index(o, f, from); } -- GitLab
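Review bot: The guard added after the switch in object_set_index2 dereferences `index->u.string->len`, but the `T_STRING` case in the previous hunk already raises the error when `f<0`. Assuming error() does not return, this later path looks reachable only when `index` holds another type, such as the `T_LVALUE` case that begins at the end of that hunk. In that situation `u.string` is not the active union member, so both the new length test and the `%s` argument would read through a value that is not a string pointer. Since the name cannot be relied on here, the message can drop it: `error("No such variable in object.\n");`. The switch body between the two hunks is not visible, so confirm how `f` is set for the non-string cases.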