1 files changed, 79 insertions, 0 deletions

diff --git a/dev-db/xbsql/files/xbsql-0.11-bfr-overflow.patch b/dev-db/xbsql/files/xbsql-0.11-bfr-overflow.patch
new file mode 100644
index 000000000000..1615fb4d4389
--- /dev/null
+++ b/dev-db/xbsql/files/xbsql-0.11-bfr-overflow.patch
@@ -0,0 +1,79 @@
+ xbsql/xb_fieldset.cpp |  6 +++---
+ xbsql/xbsql.cpp       | 20 ++++++++++----------
+ 2 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/xbsql/xb_fieldset.cpp b/xbsql/xb_fieldset.cpp
+index ea9e726..f922ed3 100644
+--- a/xbsql/xb_fieldset.cpp
++++ b/xbsql/xb_fieldset.cpp
+@@ -58,10 +58,10 @@ XBSQL::Index
+ 	if ((fldno < 0) || (fldno >= fieldSet.getNumFields()))
+ 		return	XBSQL::IndexNone	;
+ 
+-	char	buff[255]	;
+-	strncpy	(buff, tabname,		    sizeof(buff)) ;
++	char	buff[256]	;
++	strncpy	(buff, tabname,		    sizeof(buff) - 1) ;
+ 	strncat	(buff, "_",		    sizeof(buff)) ;
+-	strncat	(buff, getFieldName(fldno), sizeof(buff)) ;
++	strncat	(buff, getFieldName(fldno), sizeof(buff) - strlen(tabname) - 1) ;
+ 
+ 	const char *path = xbase->getPath (buff, "ndx")	;
+ 	int	fd	 = open (path, O_RDONLY)	;
+diff --git a/xbsql/xbsql.cpp b/xbsql/xbsql.cpp
+index 9d07f88..96304c4 100644
+--- a/xbsql/xbsql.cpp
++++ b/xbsql/xbsql.cpp
+@@ -376,9 +376,9 @@ bool	XBaseSQL::createTable
+ 			char	name	[256]	   ;
+ 			xbNdx 	ndxFile	(&dbfFile) ;
+ 
+-			strncpy	(name, table,			sizeof(name)) ;
++			strncpy	(name, table,			sizeof(name) - 1) ;
+ 			strncat	(name, "_",   			sizeof(name)) ;
+-			strncat	(name, schema[idx].FieldName,	sizeof(name)) ;
++			strncat	(name, schema[idx].FieldName,	sizeof(name) - strlen(table) - 1) ;
+ 
+ 			path	= getPath (name, "ndx") ;
+ 			idxflag	= index[idx] == XBSQL::IndexUnique ?
+@@ -467,9 +467,9 @@ XBSQLTable *XBaseSQL::openTable
+ 	{
+ 		char	name[256]	;
+ 
+-		strncpy	(name, table,			sizeof(name)) ;
++		strncpy	(name, table,			sizeof(name) - 1) ;
+ 		strncat	(name, "_",			sizeof(name)) ;
+-		strncat	(name, fSet.getFieldName (idx),	sizeof(name)) ;
++		strncat	(name, fSet.getFieldName (idx),	sizeof(name) - strlen(table) - 1) ;
+ 
+ 		path	= getPath (name, "ndx") ;
+ #ifndef _WIN32
+@@ -873,12 +873,12 @@ bool	XBaseSQL::renameTable
+ 			char		_newName[256]	;
+ 			const char	*fname	= fSet.getFieldName (idx) ;
+ 
+-			strncpy	(_oldName, oldName, sizeof(_oldName)) ;
++			strncpy	(_oldName, oldName, sizeof(_oldName) - 1) ;
+ 			strncat	(_oldName, "_",     sizeof(_oldName)) ;
+-			strncat	(_oldName, fname,   sizeof(_oldName)) ;
+-			strncpy	(_newName, newName, sizeof(_newName)) ;
++			strncat	(_oldName, fname,   sizeof(_oldName) - strlen(oldName) - 1) ;
++			strncpy	(_newName, newName, sizeof(_newName) - 1) ;
+ 			strncat	(_newName, "_",	    sizeof(_newName)) ;
+-			strncat	(_newName, fname,   sizeof(_newName)) ;
++			strncat	(_newName, fname,   sizeof(_newName) - strlen(newName) - 1) ;
+ 
+ 			oldAnon	= getPath (_oldName, "ndx") ;
+ 			newAnon	= getPath (_newName, "ndx") ;
+@@ -956,9 +956,9 @@ bool	XBaseSQL::dropTable
+ 			char		_idxName[256]	;
+ 			const char	*fname	= fSet.getFieldName (idx) ;
+ 
+-			strncpy	(_idxName, table, sizeof(_idxName)) ;
++			strncpy	(_idxName, table, sizeof(_idxName) - 1) ;
+ 			strncat	(_idxName, "_",   sizeof(_idxName)) ;
+-			strncat	(_idxName, fname, sizeof(_idxName)) ;
++			strncat	(_idxName, fname, sizeof(_idxName) - strlen(table) - 1) ;
+ 
+ 			tabAnon	= getPath (_idxName, "ndx") ;
+