diff options
| -rw-r--r-- | libmysql/libmysql.c | 4 | ||||
| -rw-r--r-- | sql/sql_parse.cc | 13 |
2 files changed, 13 insertions, 4 deletions
diff --git a/libmysql/libmysql.c b/libmysql/libmysql.c index adac6c7cd48..f2c16eb85de 100644 --- a/libmysql/libmysql.c +++ b/libmysql/libmysql.c @@ -736,8 +736,8 @@ my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user, if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION) { - *end= (uchar) mysql->charset->number; - ++end; + int2store(end, (ushort) mysql->charset->number); + end+= 2; } /* Write authentication package */ diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 923fd1b2bfe..ab9cace7a17 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -878,10 +878,19 @@ bool dispatch_command(enum enum_server_command command, THD *thd, } db_length= strlen(db); + char *ptr= db + db_length + 1; uint cs_number= 0; - if (db + db_length < packet_end) - cs_number= (uchar) *(db + db_length + 1); + if (ptr < packet_end) + { + if (ptr + 2 > packet_end) + { + my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0)); + break; + } + + cs_number= uint2korr(ptr); + } /* Convert database name to utf8 */ db_buff[copy_and_convert(db_buff, sizeof(db_buff)-1, |