Mageia Bugzilla – Attachment 3464 Details for Bug 8247: mariadb bugfix update
[patch] sql/sql_acl.cc.rej
sql_acl.cc.rej (text/plain), 771 bytes, created by David Walser on 2013-01-31 23:04:45 CET
>--- sql/sql_acl.cc 2011-11-21 17:13:14 +0000 >+++ sql/sql_acl.cc 2012-11-12 18:56:51 +0000 >@@ -4958,11 +4964,17 @@ > bool check_grant_db(THD *thd,const char *db) > { > Security_context *sctx= thd->security_ctx; >- char helping [SAFE_NAME_LEN + USERNAME_LENGTH+2]; >+ char helping [SAFE_NAME_LEN + USERNAME_LENGTH+2], *end; > uint len; > bool error= TRUE; > >- len= (uint) (strmov(strmov(helping, sctx->priv_user) + 1, db) - helping) + 1; >+ end= strmov(helping, sctx->priv_user) + 1; >+ end= strnmov(end, db, helping + sizeof(helping) - end); >+ >+ if (end >= helping + sizeof(helping)) // db name was truncated >+ return 1; // no privileges for an invalid db name >+ >+ len= (uint) (end - helping) + 1; > > mysql_rwlock_rdlock(&LOCK_grant); >
--- sql/sql_acl.cc 2011-11-21 17:13:14 +0000 +++ sql/sql_acl.cc 2012-11-12 18:56:51 +0000 @@ -4958,11 +4964,17 @@ bool check_grant_db(THD *thd,const char *db) { Security_context *sctx= thd->security_ctx; - char helping [SAFE_NAME_LEN + USERNAME_LENGTH+2]; + char helping [SAFE_NAME_LEN + USERNAME_LENGTH+2], *end; uint len; bool error= TRUE; - len= (uint) (strmov(strmov(helping, sctx->priv_user) + 1, db) - helping) + 1; + end= strmov(helping, sctx->priv_user) + 1; + end= strnmov(end, db, helping + sizeof(helping) - end); + + if (end >= helping + sizeof(helping)) // db name was truncated + return 1; // no privileges for an invalid db name + + len= (uint) (end - helping) + 1; mysql_rwlock_rdlock(&LOCK_grant);
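Review bot: the first copy in check_grant_db, `end= strmov(helping, sctx->priv_user) + 1;`, is still an unbounded strmov, so only the db part of `helping` is length-checked. The buffer is sized SAFE_NAME_LEN + USERNAME_LENGTH+2, which is only safe if priv_user never exceeds USERNAME_LENGTH, and nothing in this hunk enforces or asserts that; consider using strnmov with the same truncation test for the user name, or adding an assertion on its length before the copy. Two smaller points on the new early exit: the function returns bool and initialises `error= TRUE`, so `return TRUE;` would read more consistently than `return 1;`, and a short comment that the return deliberately happens before `mysql_rwlock_rdlock(&LOCK_grant)` would keep a later edit from moving it below the lock without an unlock.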