tt_isam_record.C: fix CERT VU#387387
authorJon Trulson <jon@radscan.com>
Sun, 27 May 2012 00:28:02 +0000 (18:28 -0600)
committerJon Trulson <jon@radscan.com>
Sun, 27 May 2012 00:28:02 +0000 (18:28 -0600)
cde/lib/tt/bin/ttdbserverd/tt_isam_record.C

index e5fceabad03b4a4274cbbd4d90852152533394a3..75c18b91ecff516859e002f6dff578ee4bc8d8b3 100644 (file)
@@ -139,7 +139,20 @@ _Tt_string _Tt_isam_record::getBytes (int start, int length) const
      
 void _Tt_isam_record::setBytes (int start, const _Tt_string &value)
 {
-  (void)memcpy((char *)buffer+start, (char *)value, value.len());
+  // JET - CERT vulnerability: VU#387387 - value is user supplied.
+  // Geez.
+  int bavail = (maxLength - start);
+  int bcp = 0;
+
+  if (bavail <= 0)
+    return;
+
+  if (bavail > length)
+    bcp = length;
+  else
+    bcp = bavail;
+
+  (void)memcpy((char *)buffer+start, (char *)value, bcp);
 }
 
 void _Tt_isam_record::setBytes (int               start,
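Review bot: The clamp `if (bavail > length) bcp = length;` compares against `length`, which is not a parameter of this two-argument overload, whereas the removed line copied `value.len()` bytes; if `length` resolves to a class member (not visible here), the copy size is no longer tied to the source string and memcpy can read past the end of `value`. Bound the copy by the source instead: `bcp = (bavail > value.len()) ? value.len() : bavail;`. A negative `start` also passes the `bavail <= 0` test and would place the write before `buffer`, so the guard should read `if (start < 0 || bavail <= 0) return;`. The three-argument setBytes overload that begins on the hunk's last line is outside this change and presumably needs the same bounds check. Since the function now returns silently when it truncates or skips the copy, a comment such as `// bytes beyond maxLength are dropped; callers are not notified` would make that contract explicit.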