/ Check-in [fc0ca647]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix test for buffer overrun in unixGettempname(). Fix for #3091. (CVS 5069)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: fc0ca647bd1c7c953bb0f3eb7d3471572fd18c34
User & Date: danielk1977 2008-04-30 08:56:10
Context
2008-04-30
15:55
Improved option handling in speedtest8.c. Added -quiet and -priority options. Added reporting of total user and system time. (CVS 5070) check-in: aa59974e user: shane tags: trunk
08:56
Fix test for buffer overrun in unixGettempname(). Fix for #3091. (CVS 5069) check-in: fc0ca647 user: danielk1977 tags: trunk
2008-04-29
15:38
Zero the per-pager temporary space allocation to avoid warnings from valgrind. (CVS 5068) check-in: f854ae57 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/os_unix.c.

2516
2517
2518
2519
2520
2521
2522




2523
2524
2525

2526
2527
2528
2529
2530
2531
2532
    if( azDirs[i]==0 ) continue;
    if( stat(azDirs[i], &buf) ) continue;
    if( !S_ISDIR(buf.st_mode) ) continue;
    if( access(azDirs[i], 07) ) continue;
    zDir = azDirs[i];
    break;
  }




  if( strlen(zDir) - sizeof(SQLITE_TEMP_FILE_PREFIX) - 17 <=0 ){
    return SQLITE_ERROR;
  }

  do{
    assert( pVfs->mxPathname==MAX_PATHNAME );
    sqlite3_snprintf(nBuf-17, zBuf, "%s/"SQLITE_TEMP_FILE_PREFIX, zDir);
    j = strlen(zBuf);
    sqlite3_randomness(15, &zBuf[j]);
    for(i=0; i<15; i++, j++){
      zBuf[j] = (char)zChars[ ((unsigned char)zBuf[j])%(sizeof(zChars)-1) ];







>
>
>
>
|


>







2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
    if( azDirs[i]==0 ) continue;
    if( stat(azDirs[i], &buf) ) continue;
    if( !S_ISDIR(buf.st_mode) ) continue;
    if( access(azDirs[i], 07) ) continue;
    zDir = azDirs[i];
    break;
  }

  /* Check that the output buffer is large enough for the temporary file 
  ** name. If it is not, return SQLITE_ERROR.
  */
  if( (strlen(zDir) + strlen(SQLITE_TEMP_FILE_PREFIX) + 17) >= nBuf ){
    return SQLITE_ERROR;
  }

  do{
    assert( pVfs->mxPathname==MAX_PATHNAME );
    sqlite3_snprintf(nBuf-17, zBuf, "%s/"SQLITE_TEMP_FILE_PREFIX, zDir);
    j = strlen(zBuf);
    sqlite3_randomness(15, &zBuf[j]);
    for(i=0; i<15; i++, j++){
      zBuf[j] = (char)zChars[ ((unsigned char)zBuf[j])%(sizeof(zChars)-1) ];