| author | Heikki Linnakangas | 2015-09-22 12:36:02 +0000 |
|---|---|---|
| committer | Heikki Linnakangas | 2015-09-22 12:36:02 +0000 |
| commit | 2c0db790012dcdd0095cf53047dd35c4de5a528e (patch) | |
| tree | f324f89eee8ea1300336c82ac3b998bbf56dd2fd /statement.c | |
| parent | 70fb7b71987b183981f1d98175e824b9bf79bbad (diff) | |
Fix buffer overrun in constructing error message.
If the server returned an error longer than 4096 bytes, we would overrun
the buffer by two bytes. If you're unlucky, that could lead to a crash,
and it consistently did on Windows.
Per report from Andrus Moor.
Diffstat (limited to 'statement.c')
| -rw-r--r-- | statement.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/statement.c b/statement.c
index 20c9c06..57e7aa2 100644
--- a/statement.c
+++ b/statement.c
@@ -1299,12 +1299,9 @@ SC_create_errorinfo(const StatementClass *self)
  {
  pos = strlen(msg);
- if (detailmsg)
- {
- msg[pos++] = ';';
- msg[pos++] = '\n';
- }
- strncpy_null(msg + pos, wmsg, sizeof(msg) - pos);
+ snprintf(&msg[pos], sizeof(msg) - pos, "%s%s",
+ detailmsg ? ";\n" : "",
+ wmsg);
  ermsg = msg;
  detailmsg = TRUE;
  }
@@ -1316,7 +1313,8 @@ SC_create_errorinfo(const StatementClass *self)
  if (!resmsg && (wmsg = CC_get_errormsg(conn)) && wmsg[0] != '\0')
  {
  pos = strlen(msg);
- snprintf(&msg[pos], sizeof(msg) - pos, ";\n%s", CC_get_errormsg(conn));
+ snprintf(&msg[pos], sizeof(msg) - pos,
+ ";\n%s", CC_get_errormsg(conn));
  }
  ermsg = msg;
|
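Review bot: The new `snprintf(&msg[pos], sizeof(msg) - pos, "%s%s", ...)` call in the first hunk bounds the write, but its return value is ignored, so an over-long server message is truncated silently and the code depends on snprintf always writing a terminator. That holds for a C99 snprintf; if the Windows build maps the name to `_snprintf` (not visible here), a truncated write would leave `msg` unterminated and the `pos = strlen(msg);` in the second hunk would read past the array. Adding `msg[sizeof(msg) - 1] = '\0';` after the call makes termination independent of the C runtime, and the same applies to the re-wrapped snprintf in the second hunk. The declaration of `msg` and the rest of SC_create_errorinfo lie outside both hunks, so the 4096-byte size is taken from the commit message rather than from the code shown.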
