From: Marek Schimara
Date: Fri, 17 Jun 2016 07:37:46 +0000 (+0200)
Subject: src/rrd_fetch_libdbi.c: fix Coverity CID#13678 Copy into fixed size buffer (buffer...
X-Git-Tag: v1.7.0~42^2~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df6dc711d0ccf166810e5a0e25fddd1f6f33403d;p=thirdparty%2Frrdtool-1.x.git
src/rrd_fetch_libdbi.c: fix Coverity CID#13678 Copy into fixed size buffer (buffer overflow) CWE-120 / https://cwe.mitre.org/data/definitions/120.html
---
diff --git a/src/rrd_fetch_libdbi.c b/src/rrd_fetch_libdbi.c
index b0ca2a66..fc183c7f 100644
--- a/src/rrd_fetch_libdbi.c
+++ b/src/rrd_fetch_libdbi.c
@@ -527,7 +527,11 @@ rrd_fetch_fn_libdbi(
 } else if (*sqlargs==0) { /* ignore empty */
 } else { /* else add to where string */
 if (where[0]) {strcat(where," AND ");}
- strcat(where,sqlargs);
+ if (strlen(where) + strlen(sqlargs) >= sizeof(where)) {
+ rrd_set_error("argument too long (exceeded %d characters)", sizeof(where) - 1);
+ return -1;
+ }
+ strncat(where,sqlargs, sizeof(where) - strlen(sqlargs) - 1);
 }
 /* and continue loop with next pointer */
 sqlargs=nextptr;
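Review bot: The `strncat` bound on the last added line is computed from the wrong string: `sizeof(where) - strlen(sqlargs) - 1` should be `sizeof(where) - strlen(where) - 1`, so an argument longer than roughly half the buffer is silently truncated and the query runs with a shortened WHERE clause. The unchanged `strcat(where," AND ")` just above still runs before the new length check and is not counted in it, so up to five bytes can still be written past the end when `where` is nearly full. `rrd_set_error` is passed a `size_t` for `%d`, which is a format/argument mismatch on LP64 targets, assuming it is printf-style as the call suggests. The fence below checks the separator and the argument together before any write; it assumes `where` is a fixed-size array, as the commit's use of `sizeof` implies, and the rest of rrd_fetch_fn_libdbi, including anything the early `return -1` would need to release, lies outside the hunk.

```c
    } else { /* else add to where string */
      size_t used = strlen(where);
      size_t sep = used ? strlen(" AND ") : 0;
      /* reject before writing anything: separator + argument + NUL must fit */
      if (used + sep + strlen(sqlargs) >= sizeof(where)) {
        rrd_set_error("argument too long (exceeded %lu characters)",
                      (unsigned long)(sizeof(where) - 1));
        return -1;
      }
      if (used) { strcat(where, " AND "); }
      strcat(where, sqlargs);
    }
    /* ... unchanged: advance sqlargs to nextptr ... */
```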