diff options
author | serg@serg.mylan <> | 2004-12-11 10:17:25 +0100 |
---|---|---|
committer | serg@serg.mylan <> | 2004-12-11 10:17:25 +0100 |
commit | d7acab153049fdef43b47000ec5c7fea96da8b59 (patch) | |
tree | 209c3d730530e12617a31a72756f851eb9ac17bf /sql | |
parent | 68174d7acec14a622e216e2bc7625a4e668692fd (diff) | |
download | mariadb-git-d7acab153049fdef43b47000ec5c7fea96da8b59.tar.gz |
sql/password.c: check for buffer overflow in check_scramble_323 (BUG#7187)
Diffstat (limited to 'sql')
-rw-r--r-- | sql/password.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sql/password.c b/sql/password.c index b9f3a07e596..04b3a46bd48 100644 --- a/sql/password.c +++ b/sql/password.c @@ -211,12 +211,13 @@ check_scramble_323(const char *scrambled, const char *message, ulong hash_message[2]; char buff[16],*to,extra; /* Big enough for check */ const char *pos; - + hash_password(hash_message, message, SCRAMBLE_LENGTH_323); randominit(&rand_st,hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]); to=buff; - for (pos=scrambled ; *pos ; pos++) + DBUG_ASSERT(sizeof(buff) > SCRAMBLE_LENGTH_323); + for (pos=scrambled ; *pos && to < buff+sizeof(buff) ; pos++) *to++=(char) (floor(my_rnd(&rand_st)*31)+64); if (pos-scrambled != SCRAMBLE_LENGTH_323) return 1; |