mirror of
https://github.com/MariaDB/server.git
synced 2025-01-17 12:32:27 +01:00
fix potential security hole, pointed out by Sergei. Also simplify code per Sergei's suggestion.
sql/ha_federated.cc: if the mysql_error(mysql) text contained any %-format specifiers, my_snprintf would try to interpret them. Essentially replacing printf(str) with printf("%s", str); sql/ha_federated.h: removed unused remote_error_len variable
parent
3b7c799fbf
commit
1e2d3c9b97
2 changed files with 3 additions and 7 deletions
|
@ -2616,10 +2616,8 @@ int ha_federated::stash_remote_error()
|
|||
DBUG_ENTER("ha_federated::stash_remote_error()");
|
||||
remote_error_number= mysql_errno(mysql);
|
||||
const char *remote_error= mysql_error(mysql);
|
||||
remote_error_len= strlen(remote_error);
|
||||
if(remote_error_len > (sizeof(remote_error_buf) - 1))
|
||||
remote_error_len= (sizeof(remote_error_buf) - 1);
|
||||
my_snprintf(remote_error_buf, remote_error_len + 1, remote_error);
|
||||
my_snprintf(remote_error_buf, sizeof(remote_error_buf), "%s",
|
||||
mysql_error(mysql));
|
||||
DBUG_RETURN(HA_FEDERATED_ERROR_WITH_REMOTE_SYSTEM);
|
||||
}
|
||||
|
||||
|
@ -2633,11 +2631,10 @@ bool ha_federated::get_error_message(int error, String* buf)
|
|||
buf->append("Error on remote system: ");
|
||||
buf->qs_append(remote_error_number);
|
||||
buf->append(": ");
|
||||
buf->append(remote_error_buf, remote_error_len);
|
||||
buf->append(remote_error_buf);
|
||||
|
||||
remote_error_number= 0;
|
||||
remote_error_buf[0]= '\0';
|
||||
remote_error_len= 0;
|
||||
}
|
||||
DBUG_PRINT("exit", ("message: %s", buf->ptr()));
|
||||
DBUG_RETURN(FALSE);
|
||||
|
|
|
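Review bot: The new `my_snprintf` call in stash_remote_error() fetches `mysql_error(mysql)` a second time, while the `const char *remote_error` local above it appears to stay in place and would now be unused; this is inferred from the hunk header's 10-to-8 line counts and the 3 additions / 7 deletions total, since the page has lost its +/- markers. If so, either pass the local, `my_snprintf(remote_error_buf, sizeof(remote_error_buf), "%s", remote_error);`, or drop the declaration. A one-line comment such as `/* remote error text is untrusted: always copy it through "%s", never as the format */` would keep a later cleanup from reintroducing the format-string bug. In get_error_message(), `buf->append(remote_error_buf)` now depends on the buffer always being NUL-terminated because the explicit length is gone, so that invariant is worth stating next to the member declaration. The opening of stash_remote_error() and both ends of get_error_message() lie outside the hunks shown.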
@ -159,7 +159,6 @@ class ha_federated: public handler
|
|||
MYSQL_ROW_OFFSET current_position; // Current position used by ::position()
|
||||
int remote_error_number;
|
||||
char remote_error_buf[FEDERATED_QUERY_BUFFER_SIZE];
|
||||
uint remote_error_len;
|
||||
|
||||
private:
|
||||
/*
|
||||
|
|