authorknielsen@mysql.com <>2006-06-23 14:50:02 +0200
committerknielsen@mysql.com <>2006-06-23 14:50:02 +0200
commit98a5cdfe4cafb9e74d9d800e4b2979ac01765fab (patch)
treeeeaf89f3a45a849ee7fb1618b1c0daaeb956ba6d /server-tools
parent01046bb7569109190722ec5a1f3c2a8f8b52350d (diff)
BUG#20622: Fix one-byte buffer overrun in IM directory string handling.
The problem was a call to convert_dirname() with a destination buffer that did not have room for the trailing slash added by that function. This could cause the instance manager to crash in some cases.
Diffstat (limited to 'server-tools')
-rw-r--r--server-tools/instance-manager/instance_options.cc9
1 files changed, 7 insertions, 2 deletions
diff --git a/server-tools/instance-manager/instance_options.cc b/server-tools/instance-manager/instance_options.cc
index 9389694822a..72621ed1662 100644
--- a/server-tools/instance-manager/instance_options.cc
+++ b/server-tools/instance-manager/instance_options.cc
@@ -391,8 +391,13 @@ int Instance_options::complete_initialization(const char *default_path,
const char *tmp;
char *end;
- if (!mysqld_path && !(mysqld_path= strdup_root(&alloc, default_path)))
- goto err;
+ if (!mysqld_path)
+ {
+ // Need one extra byte, as convert_dirname() adds a slash at the end.
+ if (!(mysqld_path= alloc_root(&alloc, strlen(default_path) + 2)))
+ goto err;
+ strcpy((char *)mysqld_path, default_path);
+ }
// it's safe to cast this to char* since this is a buffer we are allocating
end= convert_dirname((char*)mysqld_path, mysqld_path, NullS);
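Review bot: The extra byte is reserved only on the branch where `mysqld_path` is NULL; when it is already set on entry, the in-place `convert_dirname((char*)mysqld_path, mysqld_path, NullS)` on the last line still writes into a buffer whose size this hunk does not show. If that buffer was allocated to the exact string length, the same one-byte overrun would remain, and the comment "this is a buffer we are allocating" would not hold for it. Copying unconditionally would cover both cases: pick the source with `const char *src= mysqld_path ? mysqld_path : default_path;` and then apply the same `alloc_root(&alloc, strlen(src) + 2)` and `strcpy` to `src`. complete_initialization starts and ends outside the hunk, so how a pre-set option value is allocated should be confirmed there.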