Mini Update #2 -- final fixes for buffer lengths, null buffers, truncation

src/interfaces/odbc/connection.h

@@ -65,6 +65,8 @@ typedef enum {
 #define CONN_OPTION_VALUE_CHANGED 213
 #define CONN_VALUE_OUT_OF_RANGE 214
 
+#define CONN_TRUNCATED 215
+
 /* Conn_status defines */
 #define CONN_IN_AUTOCOMMIT 0x01
 #define CONN_IN_TRANSACTION 0x02

src/interfaces/odbc/drvconn.c

@@ -79,12 +79,14 @@ static char *func = "SQLDriverConnect";
 ConnectionClass *conn = (ConnectionClass *) hdbc;
 ConnInfo *ci;
 #ifdef WIN32
-RETCODE dialog_result;
+RETCODE dialog_result, result;
 #endif
 char connStrIn[MAX_CONNECT_STRING];
 char connStrOut[MAX_CONNECT_STRING];
 int retval;
 char password_required = FALSE;
+int len = 0;
+
 
 	mylog("%s: entering...\n", func);
 
@@ -166,22 +168,6 @@ dialog:
 		return SQL_NO_DATA_FOUND;
 	}
 
-	if(szConnStrOut) {
-
-		/*	Return the completed string to the caller.
-			Only construct the connect string if a dialog was put up,
-			otherwise, just copy the connection input string to the output.
-		*/
-		makeConnectString(connStrOut, ci);
-
-		if(pcbConnStrOut) {
-			*pcbConnStrOut = strlen(connStrOut);
-		}
-		strncpy_null(szConnStrOut, connStrOut, cbConnStrOutMax);
-	}
-
-	mylog("szConnStrOut = '%s'\n", szConnStrOut);
-	qlog("conn=%u, SQLDriverConnect(out)='%s'\n", conn, szConnStrOut);
 
 	// do the actual connect
 	retval = CC_connect(conn, password_required);
@@ -205,8 +191,41 @@ dialog:
 		return SQL_ERROR;
 	}
 
-	mylog("SQLDRiverConnect: returning success\n");
-	return SQL_SUCCESS;
+	/*********************************************/
+	/*     Create the Output Connection String   */
+	/*********************************************/
+	result = SQL_SUCCESS;
+
+	makeConnectString(connStrOut, ci);
+	len = strlen(connStrOut);
+
+	if(szConnStrOut) {
+
+		/*	Return the completed string to the caller. The correct method is to 
+			only construct the connect string if a dialog was put up, otherwise, 
+			it should just copy the connection input string to the output.  
+			However, it seems ok to just always	construct an output string.  There
+			are possible bad side effects on working applications (Access) by 
+			implementing the correct behavior, anyway. 
+		*/
+		strncpy_null(szConnStrOut, connStrOut, cbConnStrOutMax);
+
+		if (len >= cbConnStrOutMax) {
+			result = SQL_SUCCESS_WITH_INFO;
+			conn->errornumber = CONN_TRUNCATED;
+			conn->errormsg = "The buffer was too small for the result.";
+		}
+	}
+
+	if(pcbConnStrOut)
+		*pcbConnStrOut = len;
+
+	mylog("szConnStrOut = '%s'\n", szConnStrOut);
+	qlog("conn=%u, SQLDriverConnect(out)='%s'\n", conn, szConnStrOut);
+
+
+	mylog("SQLDRiverConnect: returning %d\n", result);
+	return result;
 }
 
 #ifdef WIN32

src/interfaces/odbc/environ.c

@@ -242,6 +242,7 @@ int status;
                     strcpy(szSqlState, "01S02");
 					break;
                 case STMT_TRUNCATED:
+				case CONN_TRUNCATED:
                     strcpy(szSqlState, "01004");
                     // data truncated
                     break;

src/interfaces/odbc/execute.c

@@ -431,7 +431,8 @@ FARPROC addr;
 //      -       -       -       -       -       -       -       -       -
 
 //      Returns the SQL string as modified by the driver.
-
+//		Currently, just copy the input string without modification
+//		observing buffer limits and truncation.
 RETCODE SQL_API SQLNativeSql(
         HDBC      hdbc,
         UCHAR FAR *szSqlStrIn,
@@ -441,12 +442,40 @@ RETCODE SQL_API SQLNativeSql(
         SDWORD FAR *pcbSqlStr)
 {
 static char *func="SQLNativeSql";
+int len = 0;
+char *ptr;
+ConnectionClass *conn = (ConnectionClass *) hdbc;
+RETCODE result;
 
-	mylog( "%s: entering...\n", func);
+	mylog( "%s: entering...cbSqlStrIn=%d\n", func, cbSqlStrIn);
+
+	ptr = (cbSqlStrIn == 0) ? "" : make_string(szSqlStrIn, cbSqlStrIn, NULL);
+	if ( ! ptr) {
+		conn->errornumber = CONN_NO_MEMORY_ERROR;
+		conn->errormsg = "No memory available to store native sql string";
+		CC_log_error(func, "", conn);
+		return SQL_ERROR;
+	}
 
-    strncpy_null(szSqlStr, szSqlStrIn, cbSqlStrMax);
+	result = SQL_SUCCESS;
+	len = strlen(ptr);
 
-    return SQL_SUCCESS;
+	if (szSqlStr) {
+		strncpy_null(szSqlStr, ptr, cbSqlStrMax);
+
+		if (len >= cbSqlStrMax)  {
+			result = SQL_SUCCESS_WITH_INFO;
+			conn->errornumber = STMT_TRUNCATED;
+			conn->errormsg = "The buffer was too small for the result.";
+		}
+	}
+
+	if (pcbSqlStr)
+		*pcbSqlStr = len;
+
+	free(ptr);
+
+    return result;
 }
 
 //      -       -       -       -       -       -       -       -       -