diff options
| author | danielk1977 <danielk1977@noemail.net> | 2008-04-30 08:56:10 +0000 |
|---|---|---|
| committer | danielk1977 <danielk1977@noemail.net> | 2008-04-30 08:56:10 +0000 |
| commit | f96d8aebf3fed09f19d467a7979edaeac7a0f346 (patch) | |
| tree | 0bc9eec2c3c339e105161c8dd82162d945e3e4e9 /src/os_unix.c | |
| parent | bf8a4341f19fc9cfc7271659491c7e984d9ca792 (diff) | |
| download | sqlite-f96d8aebf3fed09f19d467a7979edaeac7a0f346.tar.gz sqlite-f96d8aebf3fed09f19d467a7979edaeac7a0f346.zip | |
Fix test for buffer overrun in unixGettempname(). Fix for #3091. (CVS 5069)
FossilOrigin-Name: fc0ca647bd1c7c953bb0f3eb7d3471572fd18c34
Diffstat (limited to 'src/os_unix.c')
| -rw-r--r-- | src/os_unix.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/os_unix.c b/src/os_unix.c index 36a218c16..ca1f20b99 100644 --- a/src/os_unix.c +++ b/src/os_unix.c @@ -2520,9 +2520,14 @@ static int unixGetTempname(sqlite3_vfs *pVfs, int nBuf, char *zBuf){ zDir = azDirs[i]; break; } - if( strlen(zDir) - sizeof(SQLITE_TEMP_FILE_PREFIX) - 17 <=0 ){ + + /* Check that the output buffer is large enough for the temporary file + ** name. If it is not, return SQLITE_ERROR. + */ + if( (strlen(zDir) + strlen(SQLITE_TEMP_FILE_PREFIX) + 17) >= nBuf ){ return SQLITE_ERROR; } + do{ assert( pVfs->mxPathname==MAX_PATHNAME ); sqlite3_snprintf(nBuf-17, zBuf, "%s/"SQLITE_TEMP_FILE_PREFIX, zDir); |