tt_isam_record.C: fix CERT VU#387387 part 2
authorJon Trulson <jon@radscan.com>
Sun, 27 May 2012 00:29:26 +0000 (18:29 -0600)
committerJon Trulson <jon@radscan.com>
Sun, 27 May 2012 00:29:26 +0000 (18:29 -0600)
cde/lib/tt/bin/ttdbserverd/tt_isam_record.C

index 75c18b91ecff516859e002f6dff578ee4bc8d8b3..5d635e2eec723f17d849059bcd9d1041d3170ea4 100644 (file)
@@ -159,5 +159,18 @@ void _Tt_isam_record::setBytes (int               start,
                                int               length,
                                const _Tt_string &value)
 {
-  (void)memcpy((char *)buffer+start, (char *)value, length);
+  // JET - CERT vulnerability: VU#387387 - value is user supplied.
+  // Geez.
+  int bavail = (maxLength - start);
+  int bcp = 0;
+
+  if (bavail <= 0)
+    return;
+
+  if (bavail > length)
+    bcp = length;
+  else
+    bcp = bavail;
+
+  (void)memcpy((char *)buffer+start, (char *)value, bcp);
 }
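Review bot: The new clamp in `setBytes` bounds the copy at `maxLength` but never rejects negative arguments. A negative `start` makes `bavail` larger than `maxLength` and leaves `buffer+start` pointing before the buffer, and a negative `length` is assigned to `bcp` and converted to a very large size by `memcpy`. If `start` and `length` can be influenced by the same request that supplies `value` (not visible in this hunk), add a guard before computing `bavail`, e.g. `if (start < 0 || length <= 0 || start >= maxLength) return;`. The copy also still reads `bcp` bytes from `value` without comparing against the string's own length, so a `length` larger than the supplied string over-reads the source; `bcp` should be clamped to that length too, assuming `_Tt_string` exposes it. Truncation and rejection are silent here, so a log line on those paths would make malformed requests visible to operators.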