From 2925d0f2ee9847c1dcec9c3650ab2c71697a1f62 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub <wlad@mariadb.com>
Date: Tue, 25 Jan 2022 10:34:13 +0100
Subject: MDEV-27612 Connect : check buffer sizes, fix string format errors

---
 storage/connect/myconn.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'storage/connect/myconn.cpp')

diff --git a/storage/connect/myconn.cpp b/storage/connect/myconn.cpp
index 945c4e698be..438f0ff2b9a 100644
--- a/storage/connect/myconn.cpp
+++ b/storage/connect/myconn.cpp
@@ -399,15 +399,19 @@ PQRYRES SrcColumns(PGLOBAL g, const char *host, const char *db,
   int     w;
   MYSQLC  myc;
   PQRYRES qrp = NULL;
+  const char *p;
 
   if (!port)
     port = mysqld_port;
 
 	if (!strnicmp(srcdef, "select ", 7) || strstr(srcdef, "%s")) {
-    query = (char *)PlugSubAlloc(g, NULL, strlen(srcdef) + 10);
+		query = (char *)PlugSubAlloc(g, NULL, strlen(srcdef) + 10);
 
-		if (strstr(srcdef, "%s"))
-			sprintf(query, srcdef, "1=1");			 // dummy where clause
+		if ((p= strstr(srcdef, "%s")))
+		{
+			/* Replace %s with 1=1 */
+			sprintf(query, "%.*s1=1%s", (int) (p - srcdef), srcdef, p + 2); // dummy where clause
+		}
 		else 
 		  strcpy(query, srcdef);
 
-- 
cgit v1.2.1