author | Andrey Hristov <andrey@php.net> | 2010-04-27 08:26:24 +0000 |
---|---|---|
committer | Andrey Hristov <andrey@php.net> | 2010-04-27 08:26:24 +0000 |
commit | 5bb74e6562f02e604d7f46ada6cd48b1e81ec380 (patch) | |
tree | 1bb597fea4b0adc1e4f9ad7e29f22d5352fd0684 /ext/mysqlnd/mysqlnd.c | |
parent | 3283b811eb58a15e3c2bb9a27acaaa8059e0bccf (diff) | |
Fixed buffer overflow in mysqlnd_change_user
Diffstat (limited to 'ext/mysqlnd/mysqlnd.c')
-rw-r--r-- | ext/mysqlnd/mysqlnd.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
index df400f1e5e..bae82d4849 100644
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@@ -1782,7 +1782,7 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
 /*
 User could be max 16 * 3 (utf8), pass is 20 usually, db is up to 64*3
 Stack space is not that expensive, so use a bit more to be protected against
- stack overrungs.
+ buffer overflows.
 */
 size_t user_len;
 enum_func_status ret;
@@ -1805,7 +1805,7 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
 }
 /* 1. user ASCIIZ */
- user_len = MIN(strlen(user), MYSQLND_MAX_ALLOWED_DB_LEN);
+ user_len = MIN(strlen(user), MYSQLND_MAX_ALLOWED_USER_LEN);
 memcpy(p, user, user_len);
 p += user_len;
 *p++ = '\0';
@@ -1821,8 +1821,8 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
 /* 3. db ASCIIZ */
 if (db[0]) {
- size_t db_len = strlen(db);
- memcpy(p, db, MIN(db_len, MYSQLND_MAX_ALLOWED_DB_LEN));
+ size_t db_len = MIN(strlen(db), MYSQLND_MAX_ALLOWED_DB_LEN);
+ memcpy(p, db, db_len);
 p += db_len;
 }
 *p++ = '\0'; |
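Review bot: The clamp on `user_len` in the hunk at -1805 (and the matching `db_len` clamp in the hunk at -1821) silently truncates an over-long user or database name, so the packet carries a different identifier than the caller passed. For an account name that means the request is made for whatever the first MYSQLND_MAX_ALLOWED_USER_LEN bytes spell, and the caller gets no indication that its input was cut. Rejecting the call before any byte is written would be safer than truncating, along the lines of `if (strlen(user) > MYSQLND_MAX_ALLOWED_USER_LEN) { /* report a client error */ return FAIL; }`, with the same check for `db`. The function's error path and the declaration of the buffer that `p` walks are outside these hunks, so the exact error-reporting call should follow what the rest of change_user already uses.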
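Review bot: The db branch in the hunk at -1821 has no comment recording why the length is clamped before it is used. The removed lines bounded only the `memcpy` and then advanced `p` by the unclamped `strlen(db)`, so the terminating `*p++ = '\0'` could land past the end of the buffer. A one-line comment above the new assignment would keep a later edit from splitting the two again, for example `/* clamp once: p must advance by exactly the number of bytes copied */`. The same remark fits the `user_len` lines in the hunk at -1805, which already follow that pattern. The buffer declaration is outside the hunk, so its size against the three field maxima plus terminators could not be checked here.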