The problem is that when copying the supplied username and
database, no bounds checking is performed on the fixed-length
buffer. A sufficiently large (> 512) user string can easily
cause stack corruption. Since this API can be used from PHP
and other programs, this is a serious problem.

The solution is to increase the buffer size to the accepted
size in similar functions and perform bounds checking when
copying the username and database.