Bug #12910665: AUTH-PLUGIN-DATA-LEN NOT TESTED FOR VALIDITY BY THE

CLIENT Added a check for a negative second part of the scramble length.
author: Georgi Kodinov <Georgi.Kodinov@Oracle.com> 2012-06-29 14:04:24 +0300
committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com> 2012-06-29 14:04:24 +0300
commit: ca3e45dce14102c2b2d305493c61f46972218e67 (patch)
tree: 8d6a70d68a684c5a62fe7916444a314a2609c4d2 /sql-common/client.c
parent: 8b754968563559e71254b28af9108b3baef5e55c (diff)
download: mariadb-git-ca3e45dce14102c2b2d305493c61f46972218e67.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/sql-common/client.c b/sql-common/client.c
index be24c5e89e4..ef1e3c1b7d4 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -3415,6 +3415,12 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
     mysql->server_status=uint2korr(end+3);
     mysql->server_capabilities|= uint2korr(end+5) << 16;
     pkt_scramble_len= end[7];
+    if (pkt_scramble_len < 0)
+    {
+      set_mysql_error(mysql, CR_MALFORMED_PACKET,
+                      unknown_sqlstate);        /* purecov: inspected */
+      goto error;
+    }
   }
   end+= 18;
author	Georgi Kodinov <Georgi.Kodinov@Oracle.com>	2012-06-29 14:04:24 +0300
committer	Georgi Kodinov <Georgi.Kodinov@Oracle.com>	2012-06-29 14:04:24 +0300
commit	ca3e45dce14102c2b2d305493c61f46972218e67 (patch)
tree	8d6a70d68a684c5a62fe7916444a314a2609c4d2 /sql-common/client.c
parent	8b754968563559e71254b28af9108b3baef5e55c (diff)
download	mariadb-git-ca3e45dce14102c2b2d305493c61f46972218e67.tar.gz