File: 116-CVE-2007-0906_interbase.patch

package info (click to toggle)
php5 5.2.0-8%2Betch1
  • links: PTS
  • area: main
  • in suites: etch-m68k
  • size: 58,836 kB
  • ctags: 45,575
  • sloc: ansic: 535,107; sh: 17,819; php: 11,336; cpp: 4,289; xml: 3,861; yacc: 2,446; lex: 2,174; makefile: 1,150; tcl: 1,128; awk: 693; perl: 71; sql: 22; pascal: 15
file content (56 lines) | stat: -rw-r--r-- 2,477 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
--- old/ext/interbase/ibase_service.c	2007/01/22 09:05:27	1.11.2.2.2.2
+++ new/ext/interbase/ibase_service.c	2007/03/06 00:24:00	1.11.2.2.2.5
@@ -160,7 +160,7 @@
 	
 	for (i = 0; i < sizeof(user_flags); ++i) {
 		if (args[i] != NULL) {
-			int chunk = snprintf(&buf[spb_len], sizeof(buf) - spb_len, "%c%c%c%s",
+			int chunk = slprintf(&buf[spb_len], sizeof(buf) - spb_len, "%c%c%c%s",
 				user_flags[i], (char)args_len[i], (char)(args_len[i] >> 8), args[i]);
 			
 			if ((spb_len + chunk) > sizeof(buf) || chunk <= 0) {
@@ -224,7 +224,7 @@
 	}
 
 	/* construct the spb, hack the service name into it as well */
-	spb_len = snprintf(buf, sizeof(buf), "%c%c%c%c%s%c%c%s" "%s:service_mgr",
+	spb_len = slprintf(buf, sizeof(buf), "%c%c%c%c%s%c%c%s" "%s:service_mgr",
 		isc_spb_version, isc_spb_current_version, isc_spb_user_name, (char)ulen,
 		user, isc_spb_password, (char)plen, pass, host);
 
@@ -322,7 +322,7 @@
 					heap_p = heap_buf + res_size;
 				}
 				result += 2;
-				sprintf(heap_p, "%s\n", result);
+				snprintf(heap_p, heap_buf_size - (heap_buf - heap_p), "%s\n", result);
 				heap_p += line_len +2;
 				goto query_loop; /* repeat until result is exhausted */
 
@@ -441,7 +441,7 @@
 		"Interbase service manager handle", le_service);
 
 	/* fill the param buffer */
-	spb_len = snprintf(buf, sizeof(buf), "%c%c%c%c%s%c%c%c%s%c%c%c%c%c",
+	spb_len = slprintf(buf, sizeof(buf), "%c%c%c%c%s%c%c%c%s%c%c%c%c%c",
 		operation, isc_spb_dbname, (char)dblen, (char)(dblen >> 8), db,
 		isc_spb_bkp_file, (char)bklen, (char)(bklen >> 8), bk, isc_spb_options,
 		(char)opts,(char)(opts >> 8), (char)(opts >> 16), (char)(opts >> 24));
@@ -544,7 +544,7 @@
 			case isc_spb_prp_deny_new_transactions:
 			case isc_spb_prp_deny_new_attachments:
 			case isc_spb_prp_set_sql_dialect:
-				spb_len = snprintf(buf, sizeof(buf), "%c%c%c%c%s%c%c%c%c%c",
+				spb_len = slprintf(buf, sizeof(buf), "%c%c%c%c%s%c%c%c%c%c",
 					svc_action, isc_spb_dbname, (char)dblen, (char)(dblen >> 8), db,
 					(char)action, (char)argument, (char)(argument >> 8), (char)(argument >> 16),
 					(char)(argument >> 24));
@@ -553,7 +553,7 @@
 			case isc_spb_prp_reserve_space:
 			case isc_spb_prp_write_mode:
 			case isc_spb_prp_access_mode:
-				spb_len = snprintf(buf, sizeof(buf), "%c%c%c%c%s%c%c",
+				spb_len = slprintf(buf, sizeof(buf), "%c%c%c%c%s%c%c",
 					isc_action_svc_properties, isc_spb_dbname, (char)dblen, (char)(dblen >> 8),
 					db, (char)action, (char)argument);
 		}