1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug#12982926 CLIENT CAN OVERRIDE ZERO-LENGTH-ALLOCATE BUFFER

Browse Source 
Changes in client plugin needed for testing the issue (test instrumentation).
This commit is contained in:
Rafal Somla 2011-09-29 17:02:16 +02:00
parent 0c775ea96f
commit 546cea3fd2
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libmysql/authentication_win/handshake_client.cc
View File

@ -161,6 +161,21 @@ int Handshake_client::write_packet(Blob &data)
keep all the data. keep all the data.
*/ */
unsigned block_count= data.len()/512 + ((data.len() % 512) ? 1 : 0); unsigned block_count= data.len()/512 + ((data.len() % 512) ? 1 : 0);
#if !defined(DBUG_OFF) && defined(WINAUTH_USE_DBUG_LIB)
/*
For testing purposes, use wrong block count to see how server
handles this.
*/
DBUG_EXECUTE_IF("winauth_first_packet_test",{
block_count= data.len() == 601 ? 0 :
data.len() == 602 ? 1 :
block_count;
});
#endif
DBUG_ASSERT(block_count < (unsigned)0x100); DBUG_ASSERT(block_count < (unsigned)0x100);
saved_byte= data[254]; saved_byte= data[254];
data[254] = block_count; data[254] = block_count;