authorunknown <serg@serg.mylan>2004-12-11 10:17:25 +0100
committerunknown <serg@serg.mylan>2004-12-11 10:17:25 +0100
commitda6a5f6ec095b88fb9d0bf63a4d9e4675f1450a8 (patch)
tree209c3d730530e12617a31a72756f851eb9ac17bf /sql/password.c
parent14a81914938654c901aab7b01e117bb079d37df0 (diff)
sql/password.c: check for buffer overflow in check_scramble_323 (BUG#7187)
sql/password.c: check for buffer overflow in check_scramble_323
Diffstat (limited to 'sql/password.c')
-rw-r--r--sql/password.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sql/password.c b/sql/password.c
index b9f3a07e596..04b3a46bd48 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -211,12 +211,13 @@ check_scramble_323(const char *scrambled, const char *message,
ulong hash_message[2];
char buff[16],*to,extra; /* Big enough for check */
const char *pos;
-
+
hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
to=buff;
- for (pos=scrambled ; *pos ; pos++)
+ DBUG_ASSERT(sizeof(buff) > SCRAMBLE_LENGTH_323);
+ for (pos=scrambled ; *pos && to < buff+sizeof(buff) ; pos++)
*to++=(char) (floor(my_rnd(&rand_st)*31)+64);
if (pos-scrambled != SCRAMBLE_LENGTH_323)
return 1;
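Review bot: The `DBUG_ASSERT(sizeof(buff) > SCRAMBLE_LENGTH_323)` added before the loop guards an invariant the length check depends on, yet it tests a compile-time constant at run time and, as far as I know, only in debug builds. The strict `>` matters: with the new bound `to < buff+sizeof(buff)` an overlong `scrambled` stops the loop after `sizeof(buff)` bytes, and `pos-scrambled != SCRAMBLE_LENGTH_323` rejects it only because that count exceeds the expected length; with a buffer of exactly that length the overlong input would pass this check. I would say so next to the assert, e.g. `/* buff must be larger than SCRAMBLE_LENGTH_323 so an overlong scramble fails the length check below */`, and turn the condition into a compile-time check if the tree provides one. The function body starts and continues outside the hunk, so how `scrambled` and `buff` are used after the early return is not visible here.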