-
unknown authored
protocol Fixed duplicated code, same as last commit. One could send a malformed packet that caused the server to SEGV. In recent versions of the password protocol, the client tells the server what length the ciphertext is (almost always 20). If that length was large enough to overflow a signed char, then the number would jump to very large after being casted to unsigned int. Instead, cast the *passwd char to uchar. sql/sql_parse.cc: Additional location of signed-char casted to uint.
73545200