From 0bc8837943cff36d4784f2b8960d66146aeb2750 Mon Sep 17 00:00:00 2001
From: unknown
Date: Tue, 21 Jun 2005 13:35:12 -0500
Subject: [PATCH 1/2] Bug #9148 Denial of Service my_access.c: Fixed problem where in some cases check_if_legal_filename was returning 0 for illegal names mysys/my_access.c: Fixed problem where in some cases check_if_legal_filename was returning 0 for illegal names
---
 mysys/my_access.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/mysys/my_access.c b/mysys/my_access.c
index 89e90e16f18..1b9ad6ff380 100644
--- a/mysys/my_access.c
+++ b/mysys/my_access.c
@@ -93,18 +93,20 @@ int check_if_legal_filename(const char *path)
 path+= dirname_length(path); /* To start of filename */
 if (!(end= strchr(path, FN_EXTCHAR)))
 end= strend(path);
- if (path == end || (uint) (path - end) > MAX_RESERVED_NAME_LENGTH)
+ if (path == end || (uint) (end - path) > MAX_RESERVED_NAME_LENGTH)
 DBUG_RETURN(0); /* Simplify inner loop */
 for (reserved_name= reserved_names; *reserved_name; reserved_name++)
 {
 const char *name= path;
- while (name != end)
+ const char *current_reserved_name= *reserved_name;
+
+ while (name != end && *current_reserved_name)
 {
- if (my_toupper(&my_charset_latin1, *path) !=
- my_toupper(&my_charset_latin1, *name))
+ if (*current_reserved_name != my_toupper(&my_charset_latin1, *name))
 break;
- if (name++ == end)
+ current_reserved_name++;
+ if (++name == end)
 DBUG_RETURN(1); /* Found wrong path */
 }
 }
From 256c99fdb282512d87f5e6db59cc207024bd06c3 Mon Sep 17 00:00:00 2001
From: unknown
Date: Wed, 22 Jun 2005 22:58:44 +0400
Subject: [PATCH 2/2] item.h: Fix for fix for bug#9728 decreased functionality in "on duplicate key update" Have to return false to set flag for whole expression. sql/item.h: Fix for fix for bug#9728 decreased functionality in "on duplicate key update" Have to return false to set flag for whole expression.
---
 sql/item.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
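Review bot: In check_if_legal_filename (mysys/my_access.c), the new `if (++name == end)` reports a match as soon as the filename stem is used up, without checking that the reserved entry was fully consumed too, so a stem that is only a prefix of an entry in `reserved_names` is rejected as illegal. That over-rejection fails closed, but it blocks legitimate short names; requiring both ends to coincide fixes it: `if (++name == end && !*current_reserved_name)`. The comparison now upper-cases only the input, so it presumably relies on every `reserved_names` entry being stored in upper case (the table is outside the hunk); a one-line comment on the table saying so would keep a later lower-case addition from silently never matching. The function body starts and ends outside the hunk.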
diff --git a/sql/item.h b/sql/item.h
index d9a40cbdfb6..82ab5a66cfb 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -336,7 +336,7 @@ public:
 virtual bool set_flags_processor(byte *args)
 {
 this->item_flags|= *((uint8*)args);
- return true;
+ return false;
 }
 };
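Review bot: The reason `set_flags_processor` has to return `false` is recorded only in the commit message, and a bare `return false;` is easy to flip back by mistake, as this follow-up fix itself shows. A comment on that line would carry the intent, e.g. `/* return false so the flag is applied to the whole expression */`; this assumes, as the message implies, that a true result stops the traversal, which is not visible in the hunk. The same comment could state that `args` must point at a valid flag byte, since `*((uint8*)args)` is dereferenced without a check.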