Commit 3b476a8f authored by unknown

two buffer overflows fixed


sql/sp.cc:
  use strxnmov, just in case
sql/sql_parse.cc:
  init thd->security_ctx->priv_host,
  otherwise - buffer overflow in db_create_routine
sql/unireg.cc:
  not too nice to do bzero(buf, 9) after char buf[5], eh ?
parent 1fa5ff04
+1 −1
@@ -501,7 +501,7 @@ db_create_routine(THD *thd, int type, sp_head *sp)
  else
  {
    restore_record(table, s->default_values); // Get default values for fields
    strxmov(definer, thd->security_ctx->priv_user, "@",
    strxnmov(definer, sizeof(definer)-1, thd->security_ctx->priv_user, "@",
            thd->security_ctx->priv_host, NullS);

    if (table->s->fields != MYSQL_PROC_FIELD_COUNT)
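Review bot: The bounded `strxnmov` call stops the overrun but truncates silently, so an over-long `priv_user`/`priv_host` pair would presumably be recorded as a definer that no longer names the account creating the routine. Because the definer is an identity string, rejecting the over-long case is safer than keeping a shortened value: test `strlen(thd->security_ctx->priv_user) + 1 + strlen(thd->security_ctx->priv_host) >= sizeof(definer)` before the copy and fail the creation when it holds. `sizeof(definer)-1` is also only a valid bound if `definer` is a local array and not a pointer. Its declaration is outside the hunk, as are the start and end of db_create_routine.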
+1 −0
@@ -1253,6 +1253,7 @@ pthread_handler_t handle_bootstrap(void *arg)
  thd->version=refresh_version;
  thd->security_ctx->priv_user=
    thd->security_ctx->user= (char*) my_strdup("boot", MYF(MY_WME));
  thd->security_ctx->priv_host[0]=0;

  buff= (char*) thd->net.buff;
  thd->init_for_queries();
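Review bot: The new `thd->security_ctx->priv_host[0]=0;` terminates the buffer only on the bootstrap path, and nothing at the assignment says why it is needed. Any other thread that builds a THD without going through authentication (not visible here) would still hand an unterminated `priv_host` to the string copy in db_create_routine. Consider doing the initialisation once where the security context itself is set up, and add a comment such as `/* priv_host must be NUL-terminated: db_create_routine() concatenates it into definer */`. handle_bootstrap's body starts and ends outside the hunk.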
+3 −3
@@ -84,7 +84,7 @@ bool mysql_create_frm(THD *thd, const char *file_name,
  uchar fileinfo[64],forminfo[288],*keybuff;
  TYPELIB formnames;
  uchar *screen_buff;
  char buff[5];
  char buff[32];
#ifdef WITH_PARTITION_STORAGE_ENGINE
  partition_info *part_info= thd->lex->part_info;
#endif