authorunknown <monty@mashka.mysql.fi>2002-12-26 18:26:37 +0200
committerunknown <monty@mashka.mysql.fi>2002-12-26 18:26:37 +0200
commitf1696d4f5f001d59204f19b2ef3fa921c9336a0f (patch)
tree52c14204adc0f3d7ef9707add0e6d1da72ed37d8 /sql
parentad22d0cbacd59f7dcac4ccc121486c614e609b93 (diff)
downloadmariadb-git-f1696d4f5f001d59204f19b2ef3fa921c9336a0f.tar.gz
Cut hostnames at HOSTNAME_LENGTH to avoid theoretical hostname overruns
Changed long packet handling to check for packets of length 0xffffff. This does however break packet handling for older clients. If you are using packets >= 16M then you need to upgrade client and server after this patch. Docs/internals.texi: Updated documentation for 4.1 protocol sql/ha_innodb.cc: Optimization of checking command sql/item.h: Removed automatic set of length for Item_string sql/item_create.cc: Optimized create of create_func_current_user() sql/net_serv.cc: Fixed wrong max packet length sql/sql_acl.cc: Safety fix. sql/sql_parse.cc: Cut hostnames at HOSTNAME_LENGTH to avoid theoretical hostname overruns
Diffstat (limited to 'sql')
-rw-r--r--sql/ha_innodb.cc9
-rw-r--r--sql/item.h2
-rw-r--r--sql/item_create.cc12
-rw-r--r--sql/net_serv.cc2
-rw-r--r--sql/sql_acl.cc2
-rw-r--r--sql/sql_parse.cc2
6 files changed, 14 insertions, 15 deletions
diff --git a/sql/ha_innodb.cc b/sql/ha_innodb.cc
index dd718f02ba9..b34de8cb831 100644
--- a/sql/ha_innodb.cc
+++ b/sql/ha_innodb.cc
@@ -1907,12 +1907,9 @@ ha_innobase::write_row(
the counter here. */
skip_auto_inc_decr = FALSE;
-
- if (error == DB_DUPLICATE_KEY) {
- ut_a(user_thd->query);
- dict_accept(user_thd->query, "REPLACE",
- &skip_auto_inc_decr);
- }
+ if (error == DB_DUPLICATE_KEY &&
+ user_thd->lex.sql_command == SQLCOM_REPLACE)
+ skip_auto_inc_decr= TRUE;
if (!skip_auto_inc_decr && incremented_auto_inc_counter
&& prebuilt->trx->auto_inc_lock) {
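Review bot: The new condition tests only `SQLCOM_REPLACE`, so a `REPLACE ... SELECT` statement, which the parser tags as `SQLCOM_REPLACE_SELECT`, no longer sets `skip_auto_inc_decr`. The removed `dict_accept(user_thd->query, "REPLACE", ...)` call appears to have matched on the leading keyword, so it would have covered both forms. Consider `user_thd->lex.sql_command == SQLCOM_REPLACE || user_thd->lex.sql_command == SQLCOM_REPLACE_SELECT` as the second operand. The added `if` is also unbraced, unlike the braced `if` that follows it. write_row continues outside the hunk.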
diff --git a/sql/item.h b/sql/item.h
index 05b906a66a6..67dcc8ad7b8 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -267,8 +267,6 @@ public:
}
Item_string(const char *name_par,const char *str,uint length)
{
- if (!length)
- length=strlen(str);
str_value.set(str,length);
max_length=length;
name=(char*) name_par;
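Review bot: With the `if (!length) length=strlen(str);` fallback removed, any caller that still passes 0 for a non-empty string now builds an empty Item_string with no compile-time or run-time signal. This commit updates the two callers in sql/item_create.cc, but others may exist outside this diff, so searching for `Item_string(` calls whose last argument is 0 is worth doing before merging. A comment on the constructor such as `/* length must be the real byte length of str; 0 means an empty string */` would record the new contract. The constructor body continues outside the hunk.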
diff --git a/sql/item_create.cc b/sql/item_create.cc
index 1f0bad8eda3..c6fca1c01e1 100644
--- a/sql/item_create.cc
+++ b/sql/item_create.cc
@@ -294,10 +294,12 @@ Item *create_func_pow(Item* a, Item *b)
Item *create_func_current_user()
{
THD *thd=current_thd;
- Item_string *res=new Item_string("CURRENT_USER()", thd->priv_user, 0);
- res->append("@", 1);
- res->append((char *)thd->host_or_ip, 0);
- return res;
+ char buff[HOSTNAME_LENGTH+USERNAME_LENGTH+2];
+ uint length;
+
+ length= (uint) (strxmov(buff, thd->priv_user, "@", thd->host_or_ip, NullS) -
+ buff);
+ return new Item_string("CURRENT_USER()", thd->memdup(buff, length), length);
}
Item *create_func_quarter(Item* a)
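Review bot: `strxmov()` writes into the fixed-size `buff` with no length limit, so create_func_current_user is only safe if `thd->priv_user` never exceeds USERNAME_LENGTH and `thd->host_or_ip` never exceeds HOSTNAME_LENGTH. The sql/sql_parse.cc hunk caps `thd->host`, but nothing visible here bounds `priv_user` or the case where `host_or_ip` is the IP string. A bounded concatenation, e.g. `strxnmov(buff, sizeof(buff)-1, thd->priv_user, "@", thd->host_or_ip, NullS)` if that helper is available in this tree, would make the function safe on its own. The result of `thd->memdup()` is also passed on unchecked; if it can return NULL on allocation failure, Item_string receives a NULL pointer with a non-zero length.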
@@ -403,7 +405,7 @@ Item *create_func_ucase(Item* a)
Item *create_func_version(void)
{
- return new Item_string("VERSION()",server_version, 0);
+ return new Item_string("VERSION()",server_version, strlen(server_version));
}
Item *create_func_weekday(Item* a)
diff --git a/sql/net_serv.cc b/sql/net_serv.cc
index 122793b07a7..ac73a4ca15a 100644
--- a/sql/net_serv.cc
+++ b/sql/net_serv.cc
@@ -73,7 +73,7 @@ extern pthread_mutex_t LOCK_bytes_sent , LOCK_bytes_received;
#include "thr_alarm.h"
#define TEST_BLOCKING 8
-#define MAX_THREE_BYTES 255L*255L*255L
+#define MAX_THREE_BYTES (256L*256L*256L-1)
static int net_write_buff(NET *net,const char *packet,ulong len);
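Review bot: The corrected `MAX_THREE_BYTES` has no comment saying that it is the largest value a three-byte length field can carry, which is why the earlier `255L*255L*255L` was wrong. A comment such as `/* 0xffffff: largest length that fits the 3-byte packet header */` would help, and writing the constant as `0xffffffL` would match the commit message. Since the description says this breaks packets >= 16M for older clients, the comment is also a good place to record that both ends must agree on the value.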
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 673bc441b6b..1f8f25e5fb8 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1870,7 +1870,7 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table,
ulong rights, ulong col_rights,
bool revoke_grant)
{
- char grantor[HOSTNAME_LENGTH+1+USERNAME_LENGTH];
+ char grantor[HOSTNAME_LENGTH+USERNAME_LENGTH+2];
int old_row_exists = 1;
int error=0;
ulong store_table_rights, store_col_rights;
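Review bot: Enlarging `grantor` by one byte makes room for user, '@', host and the terminator, but the code that fills it lies outside this hunk, so whether the write is bounded cannot be confirmed here. If it is an unbounded concatenation, the buffer is still only as safe as the lengths of its inputs. The same `HOSTNAME_LENGTH+USERNAME_LENGTH+2` expression is now repeated in sql/item_create.cc, so a single named constant would keep the two sizes from drifting apart.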
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index d9f2b9ca70d..7caf75b6639 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -496,6 +496,7 @@ check_connections(THD *thd)
{
vio_in_addr(net->vio,&thd->remote.sin_addr);
thd->host=ip_to_hostname(&thd->remote.sin_addr,&connect_errors);
+ thd->host[strnlen(thd->host, HOSTNAME_LENGTH)]= 0;
if (connect_errors > max_connect_errors)
return(ER_HOST_IS_BLOCKED);
}
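Review bot: The added `thd->host[strnlen(thd->host, HOSTNAME_LENGTH)]= 0;` dereferences `thd->host` with no NULL check, and check_connections appears to run during connection setup. If `ip_to_hostname()` can return NULL (for example when the reverse lookup fails), the server would crash on that connection. Guard it with `if (thd->host) thd->host[strnlen(thd->host, HOSTNAME_LENGTH)]= 0;`. `strnlen` may also be missing on some platforms this tree targets, so a portable equivalent may be needed. check_connections continues outside the hunk.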
@@ -512,6 +513,7 @@ check_connections(THD *thd)
thd->ip=0;
bzero((char*) &thd->remote,sizeof(struct sockaddr));
}
+ /* Ensure that wrong hostnames doesn't cause buffer overflows */
vio_keepalive(net->vio, TRUE);
ulong pkt_len=0;
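Review bot: The comment `/* Ensure that wrong hostnames doesn't cause buffer overflows */` sits directly above `vio_keepalive(net->vio, TRUE);`, which has nothing to do with hostnames. It reads as if it belongs with the truncation added after `ip_to_hostname()` in the previous hunk. Move it there and reword it, e.g. `/* Cut very long hostnames to avoid possible overflows */`.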