Bug#16900358 FIX FOR CVE-2012-5611 IS INCOMPLETE

Merging from mysql-5.1 to mysql-5.5
author: Venkata Sidagam <venkata.sidagam@oracle.com> 2013-10-16 14:16:32 +0530
committer: Venkata Sidagam <venkata.sidagam@oracle.com> 2013-10-16 14:16:32 +0530
commit: e84d48742e80eb185466feb5efd5b5352bbc7bfc (patch)
tree: 6e3e52ade44fcb7146187afb566fec726ae9d42e /sql
parent: 4522a8704fcfdc392fce408ebeb25e3f40060ec7 (diff)
parent: de0e8a02d18b4593e11b282b7c8641603b7cbfe9 (diff)
download: mariadb-git-e84d48742e80eb185466feb5efd5b5352bbc7bfc.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 32a8e49fa7c..8bd0589f854 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1588,7 +1588,8 @@ ulong acl_get(const char *host, const char *ip,
 
   copy_length= (size_t) (strlen(ip ? ip : "") +
                  strlen(user ? user : "") +
-                 strlen(db ? db : ""));
+                 strlen(db ? db : "")) + 2; /* Added 2 at the end to avoid  
+                                               buffer overflow at strmov()*/
   /*
     Make sure that strmov() operations do not result in buffer overflow.
   */
@@ -4957,7 +4958,8 @@ bool check_grant_db(THD *thd,const char *db)
   size_t copy_length;
 
   copy_length= (size_t) (strlen(sctx->priv_user ? sctx->priv_user : "") +
-                 strlen(db ? db : ""));
+                 strlen(db ? db : "")) + 1; /* Added 1 at the end to avoid  
+                                               buffer overflow at strmov()*/
 
   /*
     Make sure that strmov() operations do not result in buffer overflow.
author	Venkata Sidagam <venkata.sidagam@oracle.com>	2013-10-16 14:16:32 +0530
committer	Venkata Sidagam <venkata.sidagam@oracle.com>	2013-10-16 14:16:32 +0530
commit	e84d48742e80eb185466feb5efd5b5352bbc7bfc (patch)
tree	6e3e52ade44fcb7146187afb566fec726ae9d42e /sql
parent	4522a8704fcfdc392fce408ebeb25e3f40060ec7 (diff)
parent	de0e8a02d18b4593e11b282b7c8641603b7cbfe9 (diff)
download	mariadb-git-e84d48742e80eb185466feb5efd5b5352bbc7bfc.tar.gz