From 60c1541524d2cd8877162b3c9f3f98321d06fafd Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 14 Jan 2005 22:46:04 +0100 Subject: [PATCH] protect against malicious server trying to crash command-line client :) --- client/mysql.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/mysql.cc b/client/mysql.cc index 739cc77bd14..b9251361a01 100644 --- a/client/mysql.cc +++ b/client/mysql.cc @@ -172,7 +172,7 @@ static char *shared_memory_base_name=0; #endif static uint opt_protocol=0; static CHARSET_INFO *charset_info= &my_charset_latin1; - + #include "sslopt-vars.h" const char *default_dbug_option="d:t:o,/tmp/mysql.trace"; @@ -1520,7 +1520,7 @@ You can turn off this feature to get a quicker startup with -A\n\n"); j=0; while ((sql_field=mysql_fetch_field(fields))) { - sprintf(buf,"%s.%s",table_row[0],sql_field->name); + sprintf(buf,"%.64s.%.64s",table_row[0],sql_field->name); field_names[i][j] = strdup_root(&hash_mem_root,buf); add_word(&ht,field_names[i][j]); field_names[i][num_fields+j] = strdup_root(&hash_mem_root, @@ -1597,7 +1597,7 @@ int mysql_real_query_for_lazy(const char *buf, int length) for (uint retry=0;; retry++) { if (!mysql_real_query(&mysql,buf,length)) - return 0; + return 0; int error= put_error(&mysql); if (mysql_errno(&mysql) != CR_SERVER_GONE_ERROR || retry > 1 || !opt_reconnect) @@ -2526,7 +2526,7 @@ com_connect(String *buffer, char *line) { sprintf(buff,"Connection id: %lu",mysql_thread_id(&mysql)); put_info(buff,INFO_INFO); - sprintf(buff,"Current database: %s\n", + sprintf(buff,"Current database: %.128s\n", current_db ? current_db : "*** NONE ***"); put_info(buff,INFO_INFO); }