database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

Fix for

Browse Source 
bug #27715: mysqld --character-sets-dir buffer overflow
bug ##26851: Mysql Client --pager Buffer Overflow

Using strmov() to copy an argument may cause overflow 
if the argument's length is bigger than the buffer:
use strmake instead.
Also, we have to encrease the error message buffer size to fit 
the longest message.


client/mysql.cc:
  Fix for 
  bug #27715: mysqld --character-sets-dir buffer overflow
  bug ##26851: Mysql Client --pager Buffer Overflow
    - use strmake() instead of strmov() to avoid buffer overflow.
mysql-test/r/mysql.result:
  Fix for 
  bug #27715: mysqld --character-sets-dir buffer overflow
  bug ##26851: Mysql Client --pager Buffer Overflow
  
    - test result.
mysql-test/t/mysql.test:
  Fix for 
  bug #27715: mysqld --character-sets-dir buffer overflow
  bug ##26851: Mysql Client --pager Buffer Overflow
  
    - test case.
mysys/charset.c:
  Fix for 
  bug #27715: mysqld --character-sets-dir buffer overflow
  bug ##26851: Mysql Client --pager Buffer Overflow
  
    - encrease error message buffer size to fit the (possible) longest message.
This commit is contained in:
unknown
2007-04-16 12:28:02 +05:00
parent 0ab74abc63
commit be90800c9f
4 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
mysys/charset.c
View File

@@ -388,7 +388,7 @@ my_bool STDCALL init_available_charsets(myf myflags)
static my_bool init_available_charsets(myf myflags)
#endif
{
char fname[FN_REFLEN];
char fname[FN_REFLEN + sizeof(MY_CHARSET_INDEX)];
my_bool error=FALSE;
/*
We have to use charset_initialized to not lock on THR_LOCK_charset
@@ -519,7 +519,7 @@ CHARSET_INFO *get_charset(uint cs_number, myf flags)
if (!cs && (flags & MY_WME))
{
char index_file[FN_REFLEN], cs_string[23];
char index_file[FN_REFLEN + sizeof(MY_CHARSET_INDEX)], cs_string[23];
strmov(get_charsets_dir(index_file),MY_CHARSET_INDEX);
cs_string[0]='#';
int10_to_str(cs_number, cs_string+1, 10);
@@ -539,7 +539,7 @@ CHARSET_INFO *get_charset_by_name(const char *cs_name, myf flags)
if (!cs && (flags & MY_WME))
{
char index_file[FN_REFLEN];
char index_file[FN_REFLEN + sizeof(MY_CHARSET_INDEX)];
strmov(get_charsets_dir(index_file),MY_CHARSET_INDEX);
my_error(EE_UNKNOWN_COLLATION, MYF(ME_BELL), cs_name, index_file);
}
@@ -564,7 +564,7 @@ CHARSET_INFO *get_charset_by_csname(const char *cs_name,
if (!cs && (flags & MY_WME))
{
char index_file[FN_REFLEN];
char index_file[FN_REFLEN + sizeof(MY_CHARSET_INDEX)];
strmov(get_charsets_dir(index_file),MY_CHARSET_INDEX);
my_error(EE_UNKNOWN_CHARSET, MYF(ME_BELL), cs_name, index_file);
}