diff options
| -rw-r--r-- | mysys/mf_loadpath.c | 11 | ||||
| -rw-r--r-- | mysys/my_getwd.c | 7 | ||||
| -rw-r--r-- | sql/item.cc | 12 | ||||
| -rw-r--r-- | sql/item.h | 4 | ||||
| -rw-r--r-- | sql/mysqld.cc | 5 |
5 files changed, 33 insertions, 6 deletions
diff --git a/mysys/mf_loadpath.c b/mysys/mf_loadpath.c index 48a69207839..1df613a1733 100644 --- a/mysys/mf_loadpath.c +++ b/mysys/mf_loadpath.c @@ -34,7 +34,7 @@ char * my_load_path(char * to, const char *path, if ((path[0] == FN_HOMELIB && path[1] == FN_LIBCHAR) || test_if_hard_path(path)) - VOID(strmov(buff,path)); + VOID(strnmov(buff, path, FN_REFLEN)); else if ((is_cur=(path[0] == FN_CURLIB && path[1] == FN_LIBCHAR)) || (is_prefix(path,FN_PARENTDIR)) || ! own_path_prefix) @@ -42,13 +42,14 @@ char * my_load_path(char * to, const char *path, if (is_cur) is_cur=2; /* Remove current dir */ if (! my_getwd(buff,(uint) (FN_REFLEN-strlen(path)+is_cur),MYF(0))) - VOID(strcat(buff,path+is_cur)); + VOID(strncat(buff, path+is_cur, FN_REFLEN)); else - VOID(strmov(buff,path)); /* Return org file name */ + VOID(strnmov(buff, path, FN_REFLEN)); /* Return org file name */ } else - VOID(strxmov(buff,own_path_prefix,path,NullS)); - strmov(to,buff); + VOID(strxnmov(buff, FN_REFLEN, own_path_prefix,path, NullS)); + strnmov(to, buff, FN_REFLEN); + to[FN_REFLEN-1]= '\0'; DBUG_PRINT("exit",("to: %s",to)); DBUG_RETURN(to); } /* my_load_path */ diff --git a/mysys/my_getwd.c b/mysys/my_getwd.c index e0c5b94b53e..e6b867e2753 100644 --- a/mysys/my_getwd.c +++ b/mysys/my_getwd.c @@ -50,11 +50,16 @@ int my_getwd(char * buf, size_t size, myf MyFlags) DBUG_PRINT("my",("buf: 0x%lx size: %u MyFlags %d", (long) buf, (uint) size, MyFlags)); + if (size < 1) + return(-1); + if (curr_dir[0]) /* Current pos is saved here */ VOID(strmake(buf,&curr_dir[0],size-1)); else { #if defined(HAVE_GETCWD) + if (size < 2) + return(-1); if (!getcwd(buf,(uint) (size-2)) && MyFlags & MY_WME) { my_errno=errno; @@ -68,6 +73,8 @@ int my_getwd(char * buf, size_t size, myf MyFlags) strmake(buf,pathname,size-1); } #elif defined(VMS) + if (size < 2) + return(-1); if (!getcwd(buf,size-2,1) && MyFlags & MY_WME) { my_errno=errno; diff --git a/sql/item.cc b/sql/item.cc index 3407d2fecd4..2175a579f4a 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -5366,13 +5366,25 @@ inline uint char_val(char X) X-'a'+10); } +Item_hex_string::Item_hex_string() +{ + hex_string_init("", 0); +} Item_hex_string::Item_hex_string(const char *str, uint str_length) { + hex_string_init(str, str_length); +} + +void Item_hex_string::hex_string_init(const char *str, uint str_length) +{ max_length=(str_length+1)/2; char *ptr=(char*) sql_alloc(max_length+1); if (!ptr) + { + str_value.set("", 0, &my_charset_bin); return; + } str_value.set(ptr,max_length,&my_charset_bin); char *end=ptr+max_length; if (max_length*2 != str_length) diff --git a/sql/item.h b/sql/item.h index d2303853743..174995b43e6 100644 --- a/sql/item.h +++ b/sql/item.h @@ -2123,7 +2123,7 @@ public: class Item_hex_string: public Item_basic_constant { public: - Item_hex_string() {} + Item_hex_string(); Item_hex_string(const char *str,uint str_length); enum Type type() const { return VARBIN_ITEM; } double val_real() @@ -2143,6 +2143,8 @@ public: bool eq(const Item *item, bool binary_cmp) const; virtual Item *safe_charset_converter(CHARSET_INFO *tocs); bool check_partition_func_processor(uchar *int_arg) {return FALSE;} +private: + void hex_string_init(const char *str, uint str_length); }; diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 24614737a59..3664f46995f 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -8796,6 +8796,9 @@ bool is_secure_file_path(char *path) if (!opt_secure_file_priv) return TRUE; + if (strlen(path) >= FN_REFLEN) + return FALSE; + if (my_realpath(buff1, path, 0)) { /* @@ -8882,6 +8885,8 @@ static int fix_paths(void) } else { + if (strlen(opt_secure_file_priv) >= FN_REFLEN) + opt_secure_file_priv[FN_REFLEN-1]= '\0'; if (my_realpath(buff, opt_secure_file_priv, 0)) { sql_print_warning("Failed to normalize the argument for --secure-file-priv."); |