07236560bae97afc34102ff2ae4a19ea74e7a049 angie Wed Jun 8 17:00:49 2016 -0700 Replacing some str* functions with safe* functions so that if there is buffer overflow, we'll errAbort instead of carrying on with unterminated strings. An undetected overflow in sqlQuickQuery caused strange behavior downstream. refs #17327 note-101 diff --git src/hg/lib/jksql.c src/hg/lib/jksql.c index 87854db..fd2aa5f 100644 --- src/hg/lib/jksql.c +++ src/hg/lib/jksql.c @@ -1915,38 +1915,38 @@ #else boolean doDisableKeys = FALSE; #endif /* determine if tab file can be accessed directly by the database, or send * over the network */ bool sqlNeverLocal = cfgOptionBooleanDefault("db.neverLocal", 0); if (((options & SQL_TAB_FILE_ON_SERVER) && !sqlIsRemote(conn)) | sqlNeverLocal) { /* tab file on server requiries full path */ strcpy(tabPath, ""); if (path[0] != '/') { if (getcwd(tabPath, sizeof(tabPath)) == NULL) errAbort("sqlLoadTableFile: getcwd failed"); - strcat(tabPath, "/"); + safecat(tabPath, sizeof(tabPath), "/"); } - strcat(tabPath, path); + safecat(tabPath, sizeof(tabPath), path); localOpt = ""; } else { - strcpy(tabPath, path); + safecpy(tabPath, sizeof(tabPath), path); localOpt = "LOCAL"; } /* optimize for concurrent to others to access the table. */ if (options & SQL_TAB_FILE_CONCURRENT) concurrentOpt = "CONCURRENT"; else { concurrentOpt = ""; if (doDisableKeys) { /* disable update of indexes during load. Inompatible with concurrent, * since enable keys locks other's out. */ sqlSafef(query, sizeof(query), "ALTER TABLE %s DISABLE KEYS", table); sqlUpdate(conn, query); 
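Review bot: The three new bounds in this hunk all use `sizeof(tabPath)`, which is only the buffer size if `tabPath` is declared as an array in this function. The declaration is outside the hunk, so confirm it, although the existing `getcwd(tabPath, sizeof(tabPath))` call suggests it is an array. An over-long `path`, or a long working directory plus `path`, now stops the load with an abort instead of overflowing, and nothing in the visible code records that. A short comment above the block would do, e.g. `/* safecat/safecpy abort if cwd + "/" + path does not fit in tabPath */`. The enclosing function starts and ends outside the hunk.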
@@ -2165,31 +2165,31 @@ char *sqlQuickQuery(struct sqlConnection *sc, char *query, char *buf, int bufSize) /* Does query and returns first field in first row. Meant * for cases where you are just looking up one small thing. * Returns NULL if query comes up empty. */ { struct sqlResult *sr; char **row; char *ret = NULL; if ((sr = sqlGetResult(sc, query)) == NULL) return NULL; row = sqlNextRow(sr); if (row != NULL && row[0] != NULL) { - strncpy(buf, row[0], bufSize); + safecpy(buf, bufSize, row[0]); ret = buf; } sqlFreeResult(&sr); return ret; } char *sqlNeedQuickQuery(struct sqlConnection *sc, char *query, char *buf, int bufSize) /* Does query and returns first field in first row. Meant * for cases where you are just looking up one small thing. * Prints error message and aborts if query comes up empty. */ { char *s = sqlQuickQuery(sc, query, buf, bufSize); if (s == NULL) errAbort("query not found: %s", query);
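Review bot: In `sqlQuickQuery` the new `safecpy(buf, bufSize, row[0])` sits between `sqlGetResult` and `sqlFreeResult(&sr)`, so when the first field is too long the abort skips the cleanup and the result set is never released. That matters only if some caller traps the abort and keeps using the connection, which is not visible here. Checking the length ahead of the copy keeps the cleanup and names the function in the message: `if (strlen(row[0]) >= (size_t)bufSize) { sqlFreeResult(&sr); errAbort("sqlQuickQuery: first field does not fit in buffer of size %d", bufSize); }`. The header comments of `sqlQuickQuery` and `sqlNeedQuickQuery` should also gain a line such as `* Aborts if the first field does not fit in buf.`, because callers that relied on silent truncation with small buffers now abort. `sqlNeedQuickQuery` continues past the end of the hunk.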