mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-17 04:22:27 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix potential security hole, pointed out by Sergei. Also simplify code per Sergei's suggestion.

Browse source 
sql/ha_federated.cc:
  if the mysql_error(mysql) contained any %-format specifiers, my_snprintf would try to interppret them. Essentially replacing printf(str) with printf("%s", str);
sql/ha_federated.h:
  removed unused remote_error_len variable
This commit is contained in:
unknown 2005-11-17 06:05:09 -08:00
parent 3b7c799fbf
commit 1e2d3c9b97
2 changed files with 3 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
sql/ha_federated.cc
View file

@ -2616,10 +2616,8 @@ int ha_federated::stash_remote_error()
DBUG_ENTER("ha_federated::stash_remote_error()");
remote_error_number= mysql_errno(mysql);
const char *remote_error= mysql_error(mysql);
remote_error_len= strlen(remote_error);
if(remote_error_len > (sizeof(remote_error_buf) - 1))
remote_error_len= (sizeof(remote_error_buf) - 1);
my_snprintf(remote_error_buf, remote_error_len + 1, remote_error);
my_snprintf(remote_error_buf, sizeof(remote_error_buf), "%s",
mysql_error(mysql));
DBUG_RETURN(HA_FEDERATED_ERROR_WITH_REMOTE_SYSTEM);
}
@ -2633,11 +2631,10 @@ bool ha_federated::get_error_message(int error, String* buf)
buf->append("Error on remote system: ");
buf->qs_append(remote_error_number);
buf->append(": ");
buf->append(remote_error_buf, remote_error_len);
buf->append(remote_error_buf);
remote_error_number= 0;
remote_error_buf[0]= '\0';
remote_error_len= 0;
}
DBUG_PRINT("exit", ("message: %s", buf->ptr()));
DBUG_RETURN(FALSE);

1
sql/ha_federated.h
View file

@ -159,7 +159,6 @@ class ha_federated: public handler
MYSQL_ROW_OFFSET current_position; // Current position used by ::position()
int remote_error_number;
char remote_error_buf[FEDERATED_QUERY_BUFFER_SIZE];
uint remote_error_len;
private:
/*