mirror of
https://github.com/MariaDB/server.git
synced 2026-04-23 08:45:33 +02:00
06a1df9181
The problem is a somewhat common misusage of the strmake function. The strmake(dst, src, len) function writes at most /len/ bytes to the string pointed to by src, not including the trailing null byte. Hence, if /len/ is the exact length of the destination buffer, a one byte buffer overflow can occur if the length of the source string is equal to or greater than /len/. client/mysqldump.c: Make room for the trailing null byte. libmysql/libmysql.c: Add comment, there is enough room in the buffer. Increase buffer length, two strings are concatenated. libmysqld/lib_sql.cc: Make room for the trailing null byte. mysys/default.c: Make room for the trailing null bytes. mysys/mf_pack.c: Make room for the trailing null byte. server-tools/instance-manager/commands.cc: Copy only if overflow isn't possible in both cases. server-tools/instance-manager/listener.cc: Make room for the trailing null byte. sql/log.cc: Make room for the trailing null byte. sql/sp_pcontext.h: Cosmetic fix. sql/sql_acl.cc: MAX_HOSTNAME already specifies space for the trailing null byte. sql/sql_parse.cc: Make room for the trailing null byte. sql/sql_table.cc: Make room for the trailing null byte. |
||
|---|---|---|
| .. | ||
| .cvsignore | ||
| acinclude.m4 | ||
| client_settings.h | ||
| CMakeLists.txt | ||
| conf_to_src.c | ||
| dll.c | ||
| errmsg.c | ||
| get_password.c | ||
| libmysql.c | ||
| libmysql.def | ||
| libmysql.ver.in | ||
| Makefile.am | ||
| Makefile.shared | ||
| manager.c | ||