1 files changed, 6 insertions, 4 deletions

diff --git a/sql/sql_udf.cc b/sql/sql_udf.cc
index ae83cfef305..556e015e111 100644
--- a/sql/sql_udf.cc
+++ b/sql/sql_udf.cc
@@ -190,7 +190,9 @@ void udf_init()
       This is done to ensure that only approved dll from the system
       directories are used (to make this even remotely secure).
     */
-    if (strchr(dl_name, '/') || strlen(name) > NAME_LEN)
+    if (strchr(dl_name, '/') ||
+        IF_WIN(strchr(dl_name, '\\'),0) ||
+        strlen(name) > NAME_LEN)
     {
       sql_print_error("Invalid row in mysql.func table for function '%.64s'",
                       name);
@@ -219,7 +221,7 @@ void udf_init()
     }
     tmp->dlhandle = dl;
     {
-      char buf[MAX_FIELD_NAME+16], *missing;
+      char buf[NAME_LEN+16], *missing;
       if ((missing= init_syms(tmp, buf)))
       {
         sql_print_error(ER(ER_CANT_FIND_DL_ENTRY), missing);
@@ -403,7 +405,7 @@ int mysql_create_function(THD *thd,udf_func *udf)
     This is done to ensure that only approved dll from the system
     directories are used (to make this even remotely secure).
   */
-  if (strchr(udf->dl, '/'))
+  if (strchr(udf->dl, '/') || IF_WIN(strchr(dl_name, '\\'),0))
   {
     send_error(&thd->net, ER_UDF_NO_PATHS,ER(ER_UDF_NO_PATHS));
     DBUG_RETURN(1);
@@ -433,7 +435,7 @@ int mysql_create_function(THD *thd,udf_func *udf)
   }
   udf->dlhandle=dl;
   {
-    char buf[MAX_FIELD_NAME+16], *missing;
+    char buf[NAME_LEN+16], *missing;
     if ((missing= init_syms(udf, buf)))
     {
       net_printf(&thd->net, ER_CANT_FIND_DL_ENTRY, missing);