 bk commit into 4.1 tree (serg:1.2479) -
05-25-2006
, 11:29 AM
Below is the list of changes that have just been committed into a local
4.1 repository of mysqldev. When mysqldev does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/in...urce-tree.html
ChangeSet
1.2479 06/05/25 18:26:57 serg (AT) mysql (DOT) com +1 -0
sql_parse.cc:
information exposure bugs fixed (reported by Stefano Di Paola)
commit for 4.1.16a, will not be pushed upward
sql/sql_parse.cc
1.472 06/05/25 18:23:47 serg (AT) mysql (DOT) com +17 -1
information exposure bugs fixed (reported by Stefano Di Paola)
commit for 4.1.16a, will not be pushed upward
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: serg
# Host: production.mysql.com
# Root: /data0/mysqldev/my/mysql-4.1.16a-release
--- 1.471/sql/sql_parse.cc 2005-10-10 19:22:50 +02:00
+++ 1.472/sql/sql_parse.cc 2006-05-25 18:23:47 +02:00
@@ -904,6 +904,12 @@
db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
db + passwd_len + 1 : 0;
+ if (strend(db ? db : passwd) - (char*)net->read_pos > pkt_len)
+ {
+ inc_host_errors(&thd->remote.sin_addr);
+ return ER_HANDSHAKE_ERROR;
+ }
+
/* Since 4.1 all database names are stored in utf8 */
if (db)
{
@@ -1376,7 +1382,17 @@
{
char *db, *tbl_name;
uint db_len= *(uchar*) packet;
- uint tbl_len= *(uchar*) (packet + db_len + 1);
+ if (db_len >= packet_length || db_len > NAME_LEN)
+ {
+ send_error(&thd->net, ER_UNKNOWN_COM_ERROR);
+ break;
+ }
+ uint tbl_len = *(uchar*)(packet + db_len + 1);
+ if (db_len+tbl_len+2 > packet_length || tbl_len > NAME_LEN)
+ {
+ send_error(&thd->net, ER_UNKNOWN_COM_ERROR);
+ break;
+ }
statistic_increment(com_other, &LOCK_status);
thd->enable_slow_log= opt_log_slow_admin_statements;
--
MySQL Internals Mailing List
For list archives: http://lists.mysql.com/internals
To unsubscribe: http://lists.mysql.com/internals?uns...ie.nctu.edu.tw
 |
Linear Mode
