authorVamsikrishna Bhagi <vamsikrishna.bhagi@oracle.com>2014-02-12 15:17:37 +0530
committerVamsikrishna Bhagi <vamsikrishna.bhagi@oracle.com>2014-02-12 15:17:37 +0530
commitc187840b6ba70546f42474d316c79e09a9e8a3dc (patch)
tree019732bec24951259d8d19bfaa88b2b7a7a6cd86 /client
parenta3123b847515b9607e34ecd2a408c0f4efc0d5bc (diff)
Bug #18186103 BUFFER OVERFLOW IN CLIENT
Problem: While printing the server version, the mysql client writes into a String variable's buffer without checking for overflow. Solution: Use a different print function, which checks the allocated length before writing into the string.
Diffstat (limited to 'client')
-rw-r--r--client/mysql.cc8
1 files changed, 4 insertions, 4 deletions
diff --git a/client/mysql.cc b/client/mysql.cc
index 5deb978a593..6520dce076a 100644
--- a/client/mysql.cc
+++ b/client/mysql.cc
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -1176,9 +1176,9 @@ int main(int argc,char *argv[])
put_info("Welcome to the MySQL monitor. Commands end with ; or \\g.",
INFO_INFO);
- sprintf((char*) glob_buffer.ptr(),
- "Your MySQL connection id is %lu\nServer version: %s\n",
- mysql_thread_id(&mysql), server_version_string(&mysql));
+ snprintf((char*) glob_buffer.ptr(), glob_buffer.alloced_length(),
+ "Your MySQL connection id is %lu\nServer version: %s\n",
+ mysql_thread_id(&mysql), server_version_string(&mysql));
put_info((char*) glob_buffer.ptr(),INFO_INFO);
put_info(ORACLE_WELCOME_COPYRIGHT_NOTICE("2000"), INFO_INFO);
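Review bot: The bounded `snprintf` call stops the overflow, but its return value is discarded, so a server-supplied version string that does not fit is silently truncated, and the following `put_info((char*) glob_buffer.ptr(),INFO_INFO)` relies on the buffer being NUL-terminated. That holds for a C99 `snprintf` given a non-zero size; the hunk does not show how `glob_buffer` is allocated or which `snprintf` implementation each build target resolves to, so both are worth confirming. Capturing the result and testing `if (n < 0 || (size_t) n >= glob_buffer.alloced_length())` would make the truncation case explicit, so the code can terminate the buffer itself or report the oversized version string. `main` starts and ends outside the hunk.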