| author | Andrey Hristov <andrey@php.net> | 2010-04-27 08:02:08 +0000 |
|---|---|---|
| committer | Andrey Hristov <andrey@php.net> | 2010-04-27 08:02:08 +0000 |
| commit | 6f6909e582c80a4fcc8283ccebc435b4253e3bea (patch) | |
| tree | 1e62fe13825247a2d5d3b9e51b730912d552e407 | |
| parent | 739ebcc66e5033ec253f018c85a1b58a64a0b442 (diff) | |
| download | php-git-6f6909e582c80a4fcc8283ccebc435b4253e3bea.tar.gz | |
Fixed possible buffer overflow in mysqlnd_conn__list_fields.
| -rw-r--r-- | ext/mysqlnd/mysqlnd.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
index 69c294368e..df400f1e5e 100644
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@@ -1074,14 +1074,16 @@ MYSQLND_METHOD(mysqlnd_conn, list_fields)(MYSQLND * conn, const char *table, con
 p = buff;
 if (table && (table_len = strlen(table))) {
- memcpy(p, table, MIN(table_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4));
- p += table_len;
+ size_t to_copy = MIN(table_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4);
+ memcpy(p, table, to_copy);
+ p += to_copy;
 *p++ = '\0';
 }
 if (achtung_wild && (wild_len = strlen(achtung_wild))) {
- memcpy(p, achtung_wild, MIN(wild_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4));
- p += wild_len;
+ size_t to_copy = MIN(wild_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4);
+ memcpy(p, achtung_wild, to_copy);
+ p += to_copy;
 *p++ = '\0';
 }
|
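Review bot: The new `to_copy` cap only prevents an overflow if `buff` can hold both capped names plus their terminators, and the declaration of `buff` is outside this hunk, so that cannot be confirmed from here. Each of the two branches can write up to `MYSQLND_MAX_ALLOWED_DB_LEN * 4` bytes followed by a NUL, so the buffer needs at least `2 * (MYSQLND_MAX_ALLOWED_DB_LEN * 4) + 2` bytes. I would put a comment at the declaration tying the two together, e.g. `/* must hold two names capped at MYSQLND_MAX_ALLOWED_DB_LEN * 4 each, plus two NUL bytes */`. Separately, an over-long `table` or `achtung_wild` is now silently truncated, so the request presumably goes out with a different name than the caller passed; rejecting over-long input with an error before the copy would be safer than sending a shortened identifier. The function body starts and ends outside the hunk.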
