summaryrefslogtreecommitdiff
path: root/sql
diff options
context:
space:
mode:
authorserg@serg.mylan <>2004-12-11 10:17:25 +0100
committerserg@serg.mylan <>2004-12-11 10:17:25 +0100
commitd7acab153049fdef43b47000ec5c7fea96da8b59 (patch)
tree209c3d730530e12617a31a72756f851eb9ac17bf /sql
parent68174d7acec14a622e216e2bc7625a4e668692fd (diff)
downloadmariadb-git-d7acab153049fdef43b47000ec5c7fea96da8b59.tar.gz
sql/password.c: check for buffer overflow in check_scramble_323 (BUG#7187)
Diffstat (limited to 'sql')
-rw-r--r--sql/password.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sql/password.c b/sql/password.c
index b9f3a07e596..04b3a46bd48 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -211,12 +211,13 @@ check_scramble_323(const char *scrambled, const char *message,
ulong hash_message[2];
char buff[16],*to,extra; /* Big enough for check */
const char *pos;
-
+
hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
randominit(&rand_st,hash_pass[0] ^ hash_message[0],
hash_pass[1] ^ hash_message[1]);
to=buff;
- for (pos=scrambled ; *pos ; pos++)
+ DBUG_ASSERT(sizeof(buff) > SCRAMBLE_LENGTH_323);
+ for (pos=scrambled ; *pos && to < buff+sizeof(buff) ; pos++)
*to++=(char) (floor(my_rnd(&rand_st)*31)+64);
if (pos-scrambled != SCRAMBLE_LENGTH_323)
return 1;