author | Karthik Kamath <karthik.kamath@oracle.com> | 2016-11-10 15:11:57 +0530 |
---|---|---|
committer | Karthik Kamath <karthik.kamath@oracle.com> | 2016-11-10 15:11:57 +0530 |
commit | a63185e8638365d401732803ba93b6b149d33c65 (patch) | |
tree | 88854659041afe8608a9dc11cd192072cea6b9db /BUILD/compile-pentium-debug-max | |
parent | 2f2103d540f86e326b22cef39183e8e0985da138 (diff) | |
download | mariadb-git-a63185e8638365d401732803ba93b6b149d33c65.tar.gz |

BUG#24437124: POSSIBLE BUFFER OVERFLOW ON CREATE TABLE

ANALYSIS:
=========
'CREATE TABLE' query with a large value for 'CONNECTION'
string reports an incorrect error.

The length of the connection string is stored in .frm in two
bytes (max value = 65535). When the string length exceeds
the max value, the length is truncated to fit the two
bytes limit. Further processing leads to reading only a
part of the string as the length stored is incorrect. The
remaining part of the string is treated as engine type and
hence results in an error.

FIX:
====
We are now restricting the connection string length to 1024.
An appropriate error is reported if the length crosses this
limit.

NOTE:
=====
The 'PASSWORD' table option is documented as unused and
processed within dead code. Hence it will not cause
a similar issue with large strings.

Diffstat (limited to 'BUILD/compile-pentium-debug-max')
0 files changed, 0 insertions, 0 deletions
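
The truncation described in the ANALYSIS section and the length check described in the FIX section, as an added example that is not code from this commit or from the server source. The record layout is a constructed simplification rather than the real .frm format, and `put_field`, `write_unchecked`, `write_checked`, `read_record` and `MAX_CONNECT_LEN` are hypothetical names; only the two-byte length field and the 1024 limit come from the commit message.

```c
#include <stdint.h>
#include <string.h>

#define MAX_CONNECT_LEN 1024   /* limit named in the commit message */

/* Constructed layout, not the real .frm format:
   [u16 conn_len][conn bytes][u16 engine_len][engine bytes] */
static size_t put_field(uint8_t *out, const char *s, size_t len) {
    uint16_t stored = (uint16_t)len;          /* silently drops the high bits */
    out[0] = (uint8_t)(stored & 0xff);
    out[1] = (uint8_t)(stored >> 8);
    memcpy(out + 2, s, len);                  /* yet every byte is written */
    return 2 + len;
}

/* Unchecked writer: reproduces the truncation described in the analysis. */
size_t write_unchecked(uint8_t *out, const char *conn, size_t conn_len,
                       const char *engine) {
    size_t n = put_field(out, conn, conn_len);
    return n + put_field(out + n, engine, strlen(engine));
}

/* Checked writer: rejects an over-long string before anything is stored. */
int write_checked(uint8_t *out, size_t *written, const char *conn,
                  size_t conn_len, const char *engine) {
    if (conn_len > MAX_CONNECT_LEN)
        return -1;                            /* caller reports the error */
    *written = write_unchecked(out, conn, conn_len, engine);
    return 0;
}

/* Reader: trusts the stored lengths. Reports the connection-string length
   it believes in and the engine-name length it finds right after it. */
int read_record(const uint8_t *in, size_t in_len,
                size_t *conn_len, size_t *engine_len) {
    if (in_len < 2) return -1;
    *conn_len = (size_t)in[0] | ((size_t)in[1] << 8);
    size_t off = 2 + *conn_len;
    if (off + 2 > in_len) return -1;
    *engine_len = (size_t)in[off] | ((size_t)in[off + 1] << 8);
    return (off + 2 + *engine_len > in_len) ? -1 : 0;
}
```

With a 65546-byte connection string the unchecked writer stores a length of 10, so the reader takes the next bytes of the string itself as the engine field, which is the misparse the commit message describes.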