diff options
| author | unknown <serg@serg.mylan> | 2006-01-28 19:21:40 +0100 |
|---|---|---|
| committer | unknown <serg@serg.mylan> | 2006-01-28 19:21:40 +0100 |
| commit | 3b476a8ff21e763d379148b683a8d9457ce7fa2e (patch) | |
| tree | b336dde22e93d943fccd2e9f3e525e48dd1852a9 /sql/sp.cc | |
| parent | 1fa5ff048864162f1c501ff23f1ae7f6520e6b4f (diff) | |
| download | mariadb-git-3b476a8ff21e763d379148b683a8d9457ce7fa2e.tar.gz | |
two buffer overflows fixed
sql/sp.cc:
use strxnmov, just in case
sql/sql_parse.cc:
init thd->security_ctx->priv_host,
otherwise - buffer overflow in db_create_routine
sql/unireg.cc:
not too nice to do bzero(buf, 9) after char buf[5], eh ?
Diffstat (limited to 'sql/sp.cc')
| -rw-r--r-- | sql/sp.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sp.cc b/sql/sp.cc index 8409f364414..bf639b13a41 100644 --- a/sql/sp.cc +++ b/sql/sp.cc @@ -501,7 +501,7 @@ db_create_routine(THD *thd, int type, sp_head *sp) else { restore_record(table, s->default_values); // Get default values for fields - strxmov(definer, thd->security_ctx->priv_user, "@", + strxnmov(definer, sizeof(definer)-1, thd->security_ctx->priv_user, "@", thd->security_ctx->priv_host, NullS); if (table->s->fields != MYSQL_PROC_FIELD_COUNT) |