database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

Bug#48983: Bad strmake calls (length one too long)

Browse Source 
The problem is a somewhat common misusage of the strmake function.
The strmake(dst, src, len) function writes at most /len/ bytes to
the string pointed to by src, not including the trailing null byte.
Hence, if /len/ is the exact length of the destination buffer, a
one byte buffer overflow can occur if the length of the source
string is equal to or greater than /len/.
This commit is contained in:
Davi Arnaut
2009-12-17 15:58:38 -02:00
parent 0f73979084
commit b9380f0e76
12 changed files with 22 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sql/sql_acl.cc
View File

@ -914,7 +914,7 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh,
*mqh= acl_user->user_resource;
if (acl_user->host.hostname)
strmake(sctx->priv_host, acl_user->host.hostname, MAX_HOSTNAME);
strmake(sctx->priv_host, acl_user->host.hostname, MAX_HOSTNAME - 1);
else
*sctx->priv_host= 0;
}
@ -1015,7 +1015,7 @@ bool acl_getroot_no_password(Security_context *sctx, char *user, char *host,
sctx->priv_user= acl_user->user ? user : (char *) "";
if (acl_user->host.hostname)
strmake(sctx->priv_host, acl_user->host.hostname, MAX_HOSTNAME);
strmake(sctx->priv_host, acl_user->host.hostname, MAX_HOSTNAME - 1);
else
*sctx->priv_host= 0;
}