1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

protocol safety fix:

Browse Source 
before strlen(db) we need to be sure that
db lies within packet boundaries
This commit is contained in:
Sergei Golubchik 2011-07-07 22:37:38 +02:00
parent 6f5f5b9491
commit 17d716c9c6
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sql/sql_connect.cc
View File

@ -893,16 +893,17 @@ static int check_connection(THD *thd)
(uchar)(*passwd++) : strlen(passwd);
db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
db + passwd_len + 1 : 0;
/* strlen() can't be easily deleted without changing protocol */
uint db_len= db ? strlen(db) : 0;
if (passwd + passwd_len + db_len > (char *)net->read_pos + pkt_len)
if (passwd + passwd_len + test(db) > (char *)net->read_pos + pkt_len)
{
inc_host_errors(&thd->remote.sin_addr);
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
return 1;
}
/* strlen() can't be easily deleted without changing protocol */
uint db_len= db ? strlen(db) : 0;
/* Since 4.1 all database names are stored in utf8 */
if (db)
{