mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Bug #18186103 BUFFER OVERFLOW IN CLIENT

Browse source 
Problem: While printing the Server version, mysql client
         doesn't check for the buffer overflow in a
         String variable.

Solution: Used a different print function which checks the
          allocated length before writing into the string.
This commit is contained in:
Vamsikrishna Bhagi 2014-02-12 15:17:37 +05:30
parent e13b28afdf
commit 6923c1d9a5
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
client/mysql.cc
View file

@ -1,5 +1,5 @@
/* /*
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -1176,7 +1176,7 @@ int main(int argc,char *argv[])
put_info("Welcome to the MySQL monitor. Commands end with ; or \\g.", put_info("Welcome to the MySQL monitor. Commands end with ; or \\g.",
INFO_INFO); INFO_INFO);
sprintf((char*) glob_buffer.ptr(), snprintf((char*) glob_buffer.ptr(), glob_buffer.alloced_length(),
"Your MySQL connection id is %lu\nServer version: %s\n", "Your MySQL connection id is %lu\nServer version: %s\n",
mysql_thread_id(&mysql), server_version_string(&mysql)); mysql_thread_id(&mysql), server_version_string(&mysql));
put_info((char*) glob_buffer.ptr(),INFO_INFO); put_info((char*) glob_buffer.ptr(),INFO_INFO);