mariadb/sql/sql_connect.cc at 30b0de253ca1509e1c14c85ea74d82ae33acaa9c

mirror of https://github.com/MariaDB/server.git synced 2025-11-21 06:21:35 +03:00

Files

unknown 46085513c1 Bug#28984: crasher on connect with out of range password length in \

protocol

Update for function moved to new file in 5.1.

One could send a malformed packet that caused the server to SEGV.  In 
recent versions of the password protocol, the client tells the server 
what length the ciphertext is (almost always 20).  If that length was
large enough to overflow a signed char, then the number would jump to 
very large after being casted to unsigned int.
  
Instead, cast the *passwd char to uchar.


sql/sql_connect.cc:
  Update for function moved to new file in 5.1.

2007-06-11 16:03:05 -04:00

33 KiB

Raw Blame History

View Raw

33 KiB Raw Blame History

33 KiB

Raw Blame History