[#4021] Fix potential buffer overrun

modified:   src/hooks/dhcp/mysql/mysql_host_data_source.cc
modified:   src/hooks/dhcp/mysql/mysql_lease_mgr.cc

diff --git a/src/hooks/dhcp/mysql/mysql_host_data_source.cc b/src/hooks/dhcp/mysql/mysql_host_data_source.cc
index 93684d53e7be96ae698e25a926a24db41131c1ac..41a8aea1e62fad362a2af5a11296e21eb08c53a0 100644 (file)
--- a/src/hooks/dhcp/mysql/mysql_host_data_source.cc
+++ b/src/hooks/dhcp/mysql/mysql_host_data_source.cc
@@ -620,8 +620,7 @@ public:
         // Convert user_context to string as well.
         std::string user_context;
         if (user_context_null_ == MLM_FALSE) {
-            user_context_[user_context_length_] = '\0';
-            user_context.assign(user_context_);
+            user_context.assign(user_context_, user_context_length_);
         }
 
         // Set next server value (siaddr) if non NULL value returned.
@@ -948,10 +947,7 @@ private:
             // Convert it to string object for easier comparison.
             std::string space;
             if (space_null_ == MLM_FALSE) {
-                // Typically, the string values returned by the database are not
-                // NULL terminated.
-                space_[space_length_] = '\0';
-                space.assign(space_);
+                space.assign(space_, space_length_);
             }
 
             // If empty or null space provided, use a default top level space.
@@ -963,22 +959,19 @@ private:
             // Convert formatted_value to string.
             std::string formatted_value;
             if (formatted_value_null_ == MLM_FALSE) {
-                formatted_value_[formatted_value_length_] = '\0';
-                formatted_value.assign(formatted_value_);
+                formatted_value.assign(formatted_value_, formatted_value_length_);
             }
 
             // Convert user_context to string.
             std::string user_context;
             if (user_context_null_ == MLM_FALSE) {
-                user_context_[user_context_length_] = '\0';
-                user_context.assign(user_context_);
+                user_context.assign(user_context_, user_context_length_);
             }
 
             // Convert client classes to string.
             std::string client_classes;
             if (client_classes_null_ == MLM_FALSE) {
-                client_classes_[client_classes_length_] = '\0';
-                client_classes.assign(client_classes_);
+                client_classes.assign(client_classes_,client_classes_length_);
             }
 
             // Options are held in a binary or textual format in the database.

diff --git a/src/hooks/dhcp/mysql/mysql_lease_mgr.cc b/src/hooks/dhcp/mysql/mysql_lease_mgr.cc
index 4651e698213c8146ebbc32b85ff30c8bdc19c9d6..8668752619b39db2b6ae23f4b8ae0b3bec423197 100644 (file)
--- a/src/hooks/dhcp/mysql/mysql_lease_mgr.cc
+++ b/src/hooks/dhcp/mysql/mysql_lease_mgr.cc
@@ -1080,8 +1080,7 @@ public:
         // Convert user_context to string as well.
         std::string user_context;
         if (user_context_null_ == MLM_FALSE) {
-            user_context_[user_context_length_] = '\0';
-            user_context.assign(user_context_);
+            user_context.assign(user_context_, user_context_length_);
         }
 
         // Set the user context if there is one.
@@ -1738,8 +1737,7 @@ public:
         // Convert user_context to string as well.
         std::string user_context;
         if (user_context_null_ == MLM_FALSE) {
-            user_context_[user_context_length_] = '\0';
-            user_context.assign(user_context_);
+            user_context.assign(user_context_, user_context_length_);
         }
 
         // Set the user context if there is one.