author | unknown <davi@moksha.local/moksha.com.br> | 2007-10-23 09:05:39 -0300 |
---|---|---|
committer | unknown <davi@moksha.local/moksha.com.br> | 2007-10-23 09:05:39 -0300 |
commit | 22e972ffeb8af1f6bc100eea38fb15483805bde8 (patch) | |
tree | 37e49aba17df23c28dfa5cecbf45295942af08a6 /sql/protocol.cc | |
parent | d927461052084fc876151c42ea9502b5bf3fef4a (diff) | |
download | mariadb-git-22e972ffeb8af1f6bc100eea38fb15483805bde8.tar.gz |
Bug#31669 Buffer overflow in mysql_change_user()

The problem is that when copying the supplied username and
database, no bounds checking is performed on the fixed-length
buffer. A sufficiently large (> 512) user string can easily
cause stack corruption. Since this API can be used from PHP
and other programs, this is a serious problem.

The solution is to increase the buffer size to the accepted
size in similar functions and perform bounds checking when
copying the username and database.

libmysql/libmysql.c:
  Increase the buffer size and perform bounds checking when copying
  the supplied arguments.
tests/mysql_client_test.c:
  Add test case for Bug#31669
Diffstat (limited to 'sql/protocol.cc')
0 files changed, 0 insertions, 0 deletions
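
The fix the commit message describes, shown as an added example that is not code from this commit or from libmysql: user and database name are copied into a fixed-length buffer with an explicit per-field bound. `FIELD_MAX`, `PACKET_MAX`, `copy_bounded` and `pack_change_user` are hypothetical names and sizes chosen for the illustration, and truncating over-long input is this example's choice.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for illustration; not the values used by libmysql. */
#define FIELD_MAX  64                      /* longest user or db name kept */
#define PACKET_MAX (2 * (FIELD_MAX + 1))   /* both fields plus their NULs  */

/* Copy at most max bytes of src into dst, always NUL-terminate, and
   return a pointer to the terminating NUL. A NULL src is treated as "". */
static char *copy_bounded(char *dst, const char *src, size_t max)
{
    size_t n = 0;
    if (src != NULL)
        while (n < max && src[n] != '\0')
            n++;
    if (n > 0)
        memcpy(dst, src, n);
    dst[n] = '\0';
    return dst + n;
}

/* Pack "user\0db\0" into buf. Returns the number of bytes written, or 0
   when buf cannot hold two maximum-length fields. The unbounded form the
   commit message warns about would strcpy() each argument with no check
   against the buffer size. */
size_t pack_change_user(char *buf, size_t cap, const char *user, const char *db)
{
    char *end;
    if (buf == NULL || cap < PACKET_MAX)
        return 0;
    end = copy_bounded(buf, user, FIELD_MAX) + 1;   /* step past the NUL */
    end = copy_bounded(end, db, FIELD_MAX) + 1;
    return (size_t)(end - buf);
}

int main(void)
{
    char buf[PACKET_MAX], big[601];   /* constructed over-long user name */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("%zu bytes packed\n", pack_change_user(buf, sizeof buf, big, "test"));
    return 0;
}
```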