archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed buffer overflow in mysqlnd_change_user

Browse source
This commit is contained in:
Andrey Hristov 2010-04-27 08:26:24 +00:00
parent 3283b811eb
commit 5bb74e6562
2 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ext/mysqlnd/mysqlnd.c
View file

@ -1782,7 +1782,7 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
/*
User could be max 16 * 3 (utf8), pass is 20 usually, db is up to 64*3
Stack space is not that expensive, so use a bit more to be protected against
stack overrungs.
buffer overflows.
*/
size_t user_len;
enum_func_status ret;
@ -1805,7 +1805,7 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
}
/* 1. user ASCIIZ */
user_len = MIN(strlen(user), MYSQLND_MAX_ALLOWED_DB_LEN);
user_len = MIN(strlen(user), MYSQLND_MAX_ALLOWED_USER_LEN);
memcpy(p, user, user_len);
p += user_len;
*p++ = '\0';
@ -1821,8 +1821,8 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
/* 3. db ASCIIZ */
if (db[0]) {
size_t db_len = strlen(db);
memcpy(p, db, MIN(db_len, MYSQLND_MAX_ALLOWED_DB_LEN));
size_t db_len = MIN(strlen(db), MYSQLND_MAX_ALLOWED_DB_LEN);
memcpy(p, db, db_len);
p += db_len;
}
*p++ = '\0';