Bug report: http://bugs.php.net/?id=10252&edit=1 Could someone look over this patch and tell me whether it is safe? Both attached and inline here. --- php_odbc.c.orig Wed Apr 11 12:23:56 2001 +++ php_odbc.c Wed Apr 11 12:27:23 2001 @@ -1928,6 +1928,8 @@ char dsnbuf[300]; short dsnbuflen; char *ldb = 0; + int ldb_len = 0; + if (strstr((char*)db, ";")) { direct = 1; @@ -1936,8 +1938,9 @@ ldb = (char*)emalloc(strlen(db) + strlen(uid) + strlen(pwd) + 12); sprintf(ldb, "%s;UID=%s;PWD=%s", db, uid, pwd); } else { - ldb = (char*)emalloc(strlen(db) + 1); - strcat(ldb, db); + ldb_len = (strlen(db)+1); + ldb = (char*)emalloc(ldb_len); + strlcpy(ldb, db, ldb_len); } }
--- php_odbc.c.orig Wed Apr 11 12:23:56 2001 +++ php_odbc.c Wed Apr 11 12:27:23 2001 @@ -1928,6 +1928,8 @@ char dsnbuf[300]; short dsnbuflen; char *ldb = 0; + int ldb_len = 0; + if (strstr((char*)db, ";")) { direct = 1; @@ -1936,8 +1938,9 @@ ldb = (char*)emalloc(strlen(db) + strlen(uid) + strlen(pwd) + 12); sprintf(ldb, "%s;UID=%s;PWD=%s", db, uid, pwd); } else { - ldb = (char*)emalloc(strlen(db) + 1); - strcat(ldb, db); + ldb_len = (strlen(db)+1); + ldb = (char*)emalloc(ldb_len); + strlcpy(ldb, db, ldb_len); } }
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]