From 4b39935333b9dd4186ecc8aee00da8893b982667 Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <tmark@isc.org>
Date: Tue, 30 Sep 2025 14:00:10 -0400
Subject: [PATCH] [#4021] Fix potential buffer overrun

modified:   src/hooks/dhcp/mysql/mysql_host_data_source.cc
modified:   src/hooks/dhcp/mysql/mysql_lease_mgr.cc
---
 src/hooks/dhcp/mysql/mysql_host_data_source.cc | 17 +++++------------
 src/hooks/dhcp/mysql/mysql_lease_mgr.cc        |  6 ++----
 2 files changed, 7 insertions(+), 16 deletions(-)

diff --git a/src/hooks/dhcp/mysql/mysql_host_data_source.cc b/src/hooks/dhcp/mysql/mysql_host_data_source.cc
index 93684d53e7..41a8aea1e6 100644
--- a/src/hooks/dhcp/mysql/mysql_host_data_source.cc
+++ b/src/hooks/dhcp/mysql/mysql_host_data_source.cc
@@ -620,8 +620,7 @@ public:
         // Convert user_context to string as well.
         std::string user_context;
         if (user_context_null_ == MLM_FALSE) {
-            user_context_[user_context_length_] = '\0';
-            user_context.assign(user_context_);
+            user_context.assign(user_context_, user_context_length_);
         }
 
         // Set next server value (siaddr) if non NULL value returned.
@@ -948,10 +947,7 @@ private:
             // Convert it to string object for easier comparison.
             std::string space;
             if (space_null_ == MLM_FALSE) {
-                // Typically, the string values returned by the database are not
-                // NULL terminated.
-                space_[space_length_] = '\0';
-                space.assign(space_);
+                space.assign(space_, space_length_);
             }
 
             // If empty or null space provided, use a default top level space.
@@ -963,22 +959,19 @@ private:
             // Convert formatted_value to string.
             std::string formatted_value;
             if (formatted_value_null_ == MLM_FALSE) {
-                formatted_value_[formatted_value_length_] = '\0';
-                formatted_value.assign(formatted_value_);
+                formatted_value.assign(formatted_value_, formatted_value_length_);
             }
 
             // Convert user_context to string.
             std::string user_context;
             if (user_context_null_ == MLM_FALSE) {
-                user_context_[user_context_length_] = '\0';
-                user_context.assign(user_context_);
+                user_context.assign(user_context_, user_context_length_);
             }
 
             // Convert client classes to string.
             std::string client_classes;
             if (client_classes_null_ == MLM_FALSE) {
-                client_classes_[client_classes_length_] = '\0';
-                client_classes.assign(client_classes_);
+                client_classes.assign(client_classes_,client_classes_length_);
             }
 
             // Options are held in a binary or textual format in the database.
diff --git a/src/hooks/dhcp/mysql/mysql_lease_mgr.cc b/src/hooks/dhcp/mysql/mysql_lease_mgr.cc
index 4651e69821..8668752619 100644
--- a/src/hooks/dhcp/mysql/mysql_lease_mgr.cc
+++ b/src/hooks/dhcp/mysql/mysql_lease_mgr.cc
@@ -1080,8 +1080,7 @@ public:
         // Convert user_context to string as well.
         std::string user_context;
         if (user_context_null_ == MLM_FALSE) {
-            user_context_[user_context_length_] = '\0';
-            user_context.assign(user_context_);
+            user_context.assign(user_context_, user_context_length_);
         }
 
         // Set the user context if there is one.
@@ -1738,8 +1737,7 @@ public:
         // Convert user_context to string as well.
         std::string user_context;
         if (user_context_null_ == MLM_FALSE) {
-            user_context_[user_context_length_] = '\0';
-            user_context.assign(user_context_);
+            user_context.assign(user_context_, user_context_length_);
         }
 
         // Set the user context if there is one.
-- 
2.47.3