dprevot/php-sqlsrv
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Replace most strlen with strnlen_s

Browse source
This commit is contained in:
Jenny Tam 2018-04-13 15:06:10 -07:00
parent c87e37fcbd
commit 93b9938e02
8 changed files with 27 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
source/pdo_sqlsrv/pdo_dbh.cpp
View file

@ -1253,7 +1253,7 @@ char * pdo_sqlsrv_dbh_last_id( _Inout_ pdo_dbh_t *dbh, _In_z_ const char *name,
else { else {
char* quoted_table = NULL; char* quoted_table = NULL;
size_t quoted_len = 0; size_t quoted_len = 0;
int quoted = pdo_sqlsrv_dbh_quote( dbh, name, strlen( name ), &quoted_table, &quoted_len, PDO_PARAM_NULL TSRMLS_CC ); int quoted = pdo_sqlsrv_dbh_quote( dbh, name, strnlen_s( name ), &quoted_table, &quoted_len, PDO_PARAM_NULL TSRMLS_CC );
SQLSRV_ASSERT( quoted, "PDO::lastInsertId failed to quote the table name."); SQLSRV_ASSERT( quoted, "PDO::lastInsertId failed to quote the table name.");
snprintf( last_insert_id_query, LAST_INSERT_ID_QUERY_MAX_LEN, SEQUENCE_CURRENT_VALUE_QUERY, quoted_table ); snprintf( last_insert_id_query, LAST_INSERT_ID_QUERY_MAX_LEN, SEQUENCE_CURRENT_VALUE_QUERY, quoted_table );
sqlsrv_free( quoted_table ); sqlsrv_free( quoted_table );
@ -1270,7 +1270,7 @@ char * pdo_sqlsrv_dbh_last_id( _Inout_ pdo_dbh_t *dbh, _In_z_ const char *name,
sqlsrv_malloc_auto_ptr<SQLWCHAR> wsql_string; sqlsrv_malloc_auto_ptr<SQLWCHAR> wsql_string;
unsigned int wsql_len; unsigned int wsql_len;
wsql_string = utf16_string_from_mbcs_string( SQLSRV_ENCODING_CHAR, reinterpret_cast<const char*>( last_insert_id_query ), static_cast<unsigned int>( strlen( last_insert_id_query )), &wsql_len ); wsql_string = utf16_string_from_mbcs_string( SQLSRV_ENCODING_CHAR, reinterpret_cast<const char*>( last_insert_id_query ), static_cast<unsigned int>( strnlen_s( last_insert_id_query )), &wsql_len );
CHECK_CUSTOM_ERROR( wsql_string == 0, driver_stmt, SQLSRV_ERROR_QUERY_STRING_ENCODING_TRANSLATE, get_last_error_message() ) { CHECK_CUSTOM_ERROR( wsql_string == 0, driver_stmt, SQLSRV_ERROR_QUERY_STRING_ENCODING_TRANSLATE, get_last_error_message() ) {
throw core::CoreException(); throw core::CoreException();

8
source/pdo_sqlsrv/pdo_util.cpp
View file

@ -473,7 +473,7 @@ bool pdo_sqlsrv_handle_dbh_error( _Inout_ sqlsrv_context& ctx, _In_opt_ unsigned
SQLSRV_ASSERT( err == true, "No ODBC error was found" ); SQLSRV_ASSERT( err == true, "No ODBC error was found" );
} }
SQLSRV_ASSERT(strlen(reinterpret_cast<const char*>(error->sqlstate)) <= sizeof(dbh->error_code), "Error code overflow"); SQLSRV_ASSERT(strnlen_s(reinterpret_cast<const char*>(error->sqlstate)) <= sizeof(dbh->error_code), "Error code overflow");
strcpy_s(dbh->error_code, sizeof(dbh->error_code), reinterpret_cast<const char*>(error->sqlstate)); strcpy_s(dbh->error_code, sizeof(dbh->error_code), reinterpret_cast<const char*>(error->sqlstate));
switch( dbh->error_mode ) { switch( dbh->error_mode ) {
@ -486,7 +486,7 @@ bool pdo_sqlsrv_handle_dbh_error( _Inout_ sqlsrv_context& ctx, _In_opt_ unsigned
break; break;
case PDO_ERRMODE_WARNING: case PDO_ERRMODE_WARNING:
if( !warning ) { if( !warning ) {
size_t msg_len = strlen( reinterpret_cast<const char*>( error->native_message )) + SQL_SQLSTATE_BUFSIZE size_t msg_len = strnlen_s( reinterpret_cast<const char*>( error->native_message )) + SQL_SQLSTATE_BUFSIZE
+ MAX_DIGITS + WARNING_MIN_LENGTH + 1; + MAX_DIGITS + WARNING_MIN_LENGTH + 1;
sqlsrv_malloc_auto_ptr<char> msg; sqlsrv_malloc_auto_ptr<char> msg;
msg = static_cast<char*>( sqlsrv_malloc( msg_len ) ); msg = static_cast<char*>( sqlsrv_malloc( msg_len ) );
@ -525,7 +525,7 @@ bool pdo_sqlsrv_handle_stmt_error( _Inout_ sqlsrv_context& ctx, _In_opt_ unsigne
SQLSRV_ASSERT( err == true, "No ODBC error was found" ); SQLSRV_ASSERT( err == true, "No ODBC error was found" );
} }
SQLSRV_ASSERT( strlen( reinterpret_cast<const char*>( error->sqlstate ) ) <= sizeof( pdo_stmt->error_code ), "Error code overflow"); SQLSRV_ASSERT( strnlen_s( reinterpret_cast<const char*>( error->sqlstate ) ) <= sizeof( pdo_stmt->error_code ), "Error code overflow");
strcpy_s( pdo_stmt->error_code, sizeof( pdo_stmt->error_code ), reinterpret_cast<const char*>( error->sqlstate )); strcpy_s( pdo_stmt->error_code, sizeof( pdo_stmt->error_code ), reinterpret_cast<const char*>( error->sqlstate ));
switch( pdo_stmt->dbh->error_mode ) { switch( pdo_stmt->dbh->error_mode ) {
@ -612,7 +612,7 @@ void pdo_sqlsrv_throw_exception( _In_ sqlsrv_error_const* error TSRMLS_DC )
SQLSRV_ASSERT( zr != FAILURE, "Failed to initialize exception object" ); SQLSRV_ASSERT( zr != FAILURE, "Failed to initialize exception object" );
sqlsrv_malloc_auto_ptr<char> ex_msg; sqlsrv_malloc_auto_ptr<char> ex_msg;
size_t ex_msg_len = strlen( reinterpret_cast<const char*>( error->native_message )) + SQL_SQLSTATE_BUFSIZE + size_t ex_msg_len = strnlen_s( reinterpret_cast<const char*>( error->native_message )) + SQL_SQLSTATE_BUFSIZE +
12 + 1; // 12 = "SQLSTATE[]: " 12 + 1; // 12 = "SQLSTATE[]: "
ex_msg = reinterpret_cast<char*>( sqlsrv_malloc( ex_msg_len )); ex_msg = reinterpret_cast<char*>( sqlsrv_malloc( ex_msg_len ));
snprintf( ex_msg, ex_msg_len, EXCEPTION_MSG_TEMPLATE, error->sqlstate, error->native_message ); snprintf( ex_msg, ex_msg_len, EXCEPTION_MSG_TEMPLATE, error->sqlstate, error->native_message );

2
source/shared/FormattedPrint.cpp
View file

@ -709,7 +709,7 @@ int FormattedPrintA( IFormattedPrintOutput<char> * output, const char *format, v
++text.sz; ++text.sz;
} }
textlen = (int)strlen(text.sz); /* compute length of text */ textlen = (int)strnlen_s(text.sz); /* compute length of text */
} }
break; break;

6
source/shared/StringFunctions.cpp
View file

@ -138,6 +138,12 @@ int mplat_strcat_s( char * dest, size_t destSize, const char * src )
} }
return 0; return 0;
} }
size_t strnlen_s(const char * _Str, size_t _MaxCount)
{
return (_Str==0) ? 0 : strnlen(_Str, _MaxCount);
}
// //
// End copy functions // End copy functions
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------

2
source/shared/StringFunctions.h
View file

@ -31,6 +31,8 @@ int mplat_memcpy_s(void *_S1, size_t _N1, const void *_S2, size_t _N);
int mplat_strcat_s( char *strDestination, size_t numberOfElements, const char *strSource ); int mplat_strcat_s( char *strDestination, size_t numberOfElements, const char *strSource );
int mplat_strcpy_s(char * _Dst, size_t _SizeInBytes, const char * _Src); int mplat_strcpy_s(char * _Dst, size_t _SizeInBytes, const char * _Src);
size_t strnlen_s(const char * _Str, size_t _MaxCount = INT_MAX);
// Copy // Copy
#define memcpy_s mplat_memcpy_s #define memcpy_s mplat_memcpy_s
#define strcat_s mplat_strcat_s #define strcat_s mplat_strcat_s

12
source/shared/core_conn.cpp
View file

@ -755,31 +755,31 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
try { try {
// Add the server name // Add the server name
common_conn_str_append_func( ODBCConnOptions::SERVER, server, strlen( server ), connection_string TSRMLS_CC ); common_conn_str_append_func( ODBCConnOptions::SERVER, server, strnlen_s( server ), connection_string TSRMLS_CC );
// if uid is not present then we use trusted connection. // if uid is not present then we use trusted connection.
if(uid == NULL || strlen( uid ) == 0 ) { if(uid == NULL || strnlen_s( uid ) == 0 ) {
connection_string += "Trusted_Connection={Yes};"; connection_string += "Trusted_Connection={Yes};";
} }
else { else {
bool escaped = core_is_conn_opt_value_escaped( uid, strlen( uid )); bool escaped = core_is_conn_opt_value_escaped( uid, strnlen_s( uid ));
CHECK_CUSTOM_ERROR( !escaped, conn, SQLSRV_ERROR_UID_PWD_BRACES_NOT_ESCAPED ) { CHECK_CUSTOM_ERROR( !escaped, conn, SQLSRV_ERROR_UID_PWD_BRACES_NOT_ESCAPED ) {
throw core::CoreException(); throw core::CoreException();
} }
common_conn_str_append_func( ODBCConnOptions::UID, uid, strlen( uid ), connection_string TSRMLS_CC ); common_conn_str_append_func( ODBCConnOptions::UID, uid, strnlen_s( uid ), connection_string TSRMLS_CC );
// if no password was given, then don't add a password to the connection string. Perhaps the UID // if no password was given, then don't add a password to the connection string. Perhaps the UID
// given doesn't have a password? // given doesn't have a password?
if( pwd != NULL ) { if( pwd != NULL ) {
escaped = core_is_conn_opt_value_escaped( pwd, strlen( pwd )); escaped = core_is_conn_opt_value_escaped( pwd, strnlen_s( pwd ));
CHECK_CUSTOM_ERROR( !escaped, conn, SQLSRV_ERROR_UID_PWD_BRACES_NOT_ESCAPED ) { CHECK_CUSTOM_ERROR( !escaped, conn, SQLSRV_ERROR_UID_PWD_BRACES_NOT_ESCAPED ) {
throw core::CoreException(); throw core::CoreException();
} }
common_conn_str_append_func( ODBCConnOptions::PWD, pwd, strlen( pwd ), connection_string TSRMLS_CC ); common_conn_str_append_func( ODBCConnOptions::PWD, pwd, strnlen_s( pwd ), connection_string TSRMLS_CC );
} }
} }

7
source/shared/core_sqlsrv.h
View file

@ -56,10 +56,9 @@
// #define MultiByteToWideChar SystemLocale::ToUtf16 // #define MultiByteToWideChar SystemLocale::ToUtf16
#define stricmp strcasecmp #define stricmp strcasecmp
#define strnicmp strncasecmp #define strnicmp strncasecmp
#define strnlen_s(s) strnlen_s(s, INT_MAX)
#ifndef _WIN32 #ifndef _WIN32
#define GetLastError() errno #define GetLastError() errno
@ -998,7 +997,7 @@ struct sqlsrv_encoding {
bool not_for_connection; bool not_for_connection;
sqlsrv_encoding( _In_ const char* iana, _In_ unsigned int code_page, _In_ bool not_for_conn = false ): sqlsrv_encoding( _In_ const char* iana, _In_ unsigned int code_page, _In_ bool not_for_conn = false ):
iana( iana ), iana_len( strlen( iana )), code_page( code_page ), not_for_connection( not_for_conn ) iana( iana ), iana_len( strnlen_s( iana )), code_page( code_page ), not_for_connection( not_for_conn )
{ {
} }
}; };
@ -1784,7 +1783,7 @@ inline bool call_error_handler( _Inout_ sqlsrv_context* ctx, _In_ unsigned long
inline bool is_truncated_warning( _In_ SQLCHAR* state ) inline bool is_truncated_warning( _In_ SQLCHAR* state )
{ {
#if defined(ZEND_DEBUG) #if defined(ZEND_DEBUG)
if( state == NULL || strlen( reinterpret_cast<char*>( state )) != 5 ) { \ if( state == NULL || strnlen_s( reinterpret_cast<char*>( state )) != 5 ) { \
DIE( "Incorrect SQLSTATE given to is_truncated_warning." ); \ DIE( "Incorrect SQLSTATE given to is_truncated_warning." ); \
} }
#endif #endif

6
source/shared/localizationimpl.cpp
View file

@ -310,7 +310,7 @@ SystemLocale::SystemLocale( const char * localeName )
charsetName = charsetName ? charsetName + 1 : localeName; charsetName = charsetName ? charsetName + 1 : localeName;
for (const LocaleCP& lcp : lcpTable) for (const LocaleCP& lcp : lcpTable)
{ {
if (!strncasecmp(lcp.localeName, charsetName, strlen(lcp.localeName))) if (!strncasecmp(lcp.localeName, charsetName, strnlen_s(lcp.localeName)))
{ {
m_uAnsiCP = lcp.codePage; m_uAnsiCP = lcp.codePage;
return; return;
@ -346,7 +346,7 @@ size_t SystemLocale::ToUtf16( UINT srcCodePage, const char * src, SSIZE_T cchSrc
*pErrorCode = ERROR_INVALID_PARAMETER; *pErrorCode = ERROR_INVALID_PARAMETER;
return 0; return 0;
} }
size_t cchSrcActual = (cchSrc < 0 ? (1+strlen(src)) : cchSrc); size_t cchSrcActual = (cchSrc < 0 ? (1+strnlen_s(src)) : cchSrc);
bool hasLoss; bool hasLoss;
return cvt.Convert( dest, cchDest, src, cchSrcActual, false, &hasLoss, pErrorCode ); return cvt.Convert( dest, cchDest, src, cchSrcActual, false, &hasLoss, pErrorCode );
} }
@ -361,7 +361,7 @@ size_t SystemLocale::ToUtf16Strict( UINT srcCodePage, const char * src, SSIZE_T
*pErrorCode = ERROR_INVALID_PARAMETER; *pErrorCode = ERROR_INVALID_PARAMETER;
return 0; return 0;
} }
size_t cchSrcActual = (cchSrc < 0 ? (1+strlen(src)) : cchSrc); size_t cchSrcActual = (cchSrc < 0 ? (1+strnlen_s(src)) : cchSrc);
bool hasLoss; bool hasLoss;
return cvt.Convert( dest, cchDest, src, cchSrcActual, true, &hasLoss, pErrorCode ); return cvt.Convert( dest, cchDest, src, cchSrcActual, true, &hasLoss, pErrorCode );
} }