summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrey Hristov <andrey@php.net>2010-04-27 08:26:24 +0000
committerAndrey Hristov <andrey@php.net>2010-04-27 08:26:24 +0000
commit207a72ca0e3fa7b101829578e29443f6292744bb (patch)
tree0c04f5daff7ed181f5163644a7618ede3a332fe0
parent8ba86768e79d15c6ec50895f555371a610801068 (diff)
downloadphp-git-207a72ca0e3fa7b101829578e29443f6292744bb.tar.gz
Fixed buffer overflow in mysqlnd_change_user
Diffstat
-rw-r--r--ext/mysqlnd/mysqlnd.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
index df400f1e5e..bae82d4849 100644
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@@ -1782,7 +1782,7 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
/*
User could be max 16 * 3 (utf8), pass is 20 usually, db is up to 64*3
Stack space is not that expensive, so use a bit more to be protected against
- stack overrungs.
+ buffer overflows.
*/
size_t user_len;
enum_func_status ret;
@@ -1805,7 +1805,7 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
}
/* 1. user ASCIIZ */
- user_len = MIN(strlen(user), MYSQLND_MAX_ALLOWED_DB_LEN);
+ user_len = MIN(strlen(user), MYSQLND_MAX_ALLOWED_USER_LEN);
memcpy(p, user, user_len);
p += user_len;
*p++ = '\0';
@@ -1821,8 +1821,8 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
/* 3. db ASCIIZ */
if (db[0]) {
- size_t db_len = strlen(db);
- memcpy(p, db, MIN(db_len, MYSQLND_MAX_ALLOWED_DB_LEN));
+ size_t db_len = MIN(strlen(db), MYSQLND_MAX_ALLOWED_DB_LEN);
+ memcpy(p, db, db_len);
p += db_len;
}
*p++ = '\0';
View Lorry Controller Status