diff options
author | Ilia Alshanetsky <iliaa@php.net> | 2006-05-21 16:10:28 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2006-05-21 16:10:28 +0000 |
commit | a2e5235b927deedc1decdf655c8283b19adc9069 (patch) | |
tree | 73ebc879574f61d84202d6ecc2dc42826e708bc8 | |
parent | 88b15c81ee12173d70c3d74736c804c126127e05 (diff) | |
download | php-git-a2e5235b927deedc1decdf655c8283b19adc9069.tar.gz |
Fixed a possible buffer overflow inside create_named_pipe() for Win32
systems in libmysql.c.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | ext/mysql/libmysql/libmysql.c | 4 |
2 files changed, 6 insertions, 0 deletions
@@ -1,6 +1,8 @@ PHP 4 NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2006, Version 4.4.3 +- Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems + in libmysql.c. (Ilia) - Updated PCRE to version 6.6. (Andrei) - Added overflow checks to wordwrap() function. (Ilia) - Added a check for special characters in the session name. (Ilia) diff --git a/ext/mysql/libmysql/libmysql.c b/ext/mysql/libmysql/libmysql.c index 94d6352252..a1f7a4520c 100644 --- a/ext/mysql/libmysql/libmysql.c +++ b/ext/mysql/libmysql/libmysql.c @@ -213,6 +213,10 @@ HANDLE create_named_pipe(NET *net, uint connect_timeout, char **arg_host, if (!host || !strcmp(host,LOCAL_HOST)) host=LOCAL_HOST_NAMEDPIPE; + if (sizeof(szPipeName) <= (strlen(host) + strlen(unix_socket) + sizeof("\\\\\\pipe\\"))) { + return INVALID_HANDLE_VALUE; + } + sprintf( szPipeName, "\\\\%s\\pipe\\%s", host, unix_socket); DBUG_PRINT("info",("Server name: '%s'. Named Pipe: %s", host, unix_socket)); |