From 0bc8837943cff36d4784f2b8960d66146aeb2750 Mon Sep 17 00:00:00 2001
From: unknown <reggie@mdk10.(none)>
Date: Tue, 21 Jun 2005 13:35:12 -0500
Subject: Bug #9148  Denial of Service

my_access.c:
  Fixed problem where in some cases check_if_legal_filename was returning 0 for illegal names


mysys/my_access.c:
  Fixed problem where in some cases check_if_legal_filename was returning 0 for illegal names
---
 mysys/my_access.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'mysys/my_access.c')

diff --git a/mysys/my_access.c b/mysys/my_access.c
index 89e90e16f18..1b9ad6ff380 100644
--- a/mysys/my_access.c
+++ b/mysys/my_access.c
@@ -93,18 +93,20 @@ int check_if_legal_filename(const char *path)
   path+= dirname_length(path);                  /* To start of filename */
   if (!(end= strchr(path, FN_EXTCHAR)))
     end= strend(path);
-  if (path == end || (uint) (path - end) > MAX_RESERVED_NAME_LENGTH)
+  if (path == end || (uint) (end - path) > MAX_RESERVED_NAME_LENGTH)
     DBUG_RETURN(0);                             /* Simplify inner loop */
 
   for (reserved_name= reserved_names; *reserved_name; reserved_name++)
   {
     const char *name= path;
-    while (name != end)
+    const char *current_reserved_name= *reserved_name;
+    
+    while (name != end && *current_reserved_name)
     {
-      if (my_toupper(&my_charset_latin1, *path) !=
-          my_toupper(&my_charset_latin1, *name))
+      if (*current_reserved_name != my_toupper(&my_charset_latin1, *name))
         break;
-      if (name++ == end)
+      current_reserved_name++;
+      if (++name == end)
         DBUG_RETURN(1);                         /* Found wrong path */
     }
   }
-- 
cgit v1.2.1