Commit 904655e6 authored by unknown's avatar unknown

better use of fn_format() in ha_mysisam::restore() and ha_myisam::backup()

fixed buffer overflow in fn_format()


mysys/mf_format.c:
  fixed coredump when dsk overflows
sql/ha_myisam.cc:
  switched from my own pointer black magic in forming a file name to use
  the functionionality of fn_format()
parent ce6b0d07
......@@ -53,7 +53,8 @@ my_string fn_format(my_string to, const char *name, const char *dsk,
name+=(length=dirname_part(dev,(startpos=(my_string) name)));
if (length == 0 || flag & 1)
{
(void) strmov(dev,dsk); /* Use given directory */
(void) strnmov(dev,dsk, sizeof(dev) - 2);
/* Use given directory */
convert_dirname(dev); /* Fix to this OS */
}
if (flag & 8)
......
......@@ -333,21 +333,12 @@ int ha_myisam::restore(THD* thd, HA_CHECK_OPT *check_opt)
HA_CHECK_OPT tmp_check_opt;
char* backup_dir = thd->lex.backup_dir;
char src_path[FN_REFLEN], dst_path[FN_REFLEN];
int backup_dir_len = strlen(backup_dir);
char* table_name = table->real_name;
int table_name_len = strlen(table_name);
if(backup_dir_len + table_name_len + 4 >= FN_REFLEN)
if(!fn_format(src_path, table_name, backup_dir, MI_NAME_DEXT, 4 + 64))
return HA_ADMIN_INVALID;
memcpy(src_path, backup_dir, backup_dir_len);
char* p = src_path + backup_dir_len;
*p++ = '/';
memcpy(p, table_name, table_name_len);
p += table_name_len;
*p = 0;
fn_format(src_path, src_path, "", MI_NAME_DEXT, 4);
int error = 0;
char* errmsg = "";
const char* errmsg = "";
if(my_copy(src_path, fn_format(dst_path, table->path, "",
MI_NAME_DEXT, 4), MYF(MY_WME)))
......@@ -378,28 +369,21 @@ int ha_myisam::backup(THD* thd, HA_CHECK_OPT *check_opt)
{
char* backup_dir = thd->lex.backup_dir;
char src_path[FN_REFLEN], dst_path[FN_REFLEN];
int backup_dir_len = strlen(backup_dir);
char* table_name = table->real_name;
int table_name_len = strlen(table_name);
if(backup_dir_len + table_name_len + 4 >= FN_REFLEN)
if(!fn_format(dst_path, table_name, backup_dir, reg_ext, 4 + 64))
return HA_ADMIN_INVALID;
memcpy(dst_path, backup_dir, backup_dir_len);
char* p = dst_path + backup_dir_len;
*p++ = '/';
memcpy(p, table_name, table_name_len);
p += table_name_len;
*p = 0;
if(my_copy(fn_format(src_path, table->path,"", reg_ext, 4),
fn_format(dst_path, dst_path, "", reg_ext, 4),
dst_path,
MYF(MY_WME | MY_HOLD_ORIGINAL_MODES )))
{
return HA_ADMIN_FAILED;
}
*p = 0;
*(fn_ext(src_path)) = 0;
if(my_copy(fn_format(src_path, src_path,"", MI_NAME_DEXT, 4),
fn_format(dst_path, dst_path, "", MI_NAME_DEXT, 4),
if(!fn_format(dst_path, table_name, backup_dir, MI_NAME_DEXT, 4 + 64))
return HA_ADMIN_INVALID;
if(my_copy(fn_format(src_path, table->path,"", MI_NAME_DEXT, 4),
dst_path,
MYF(MY_WME | MY_HOLD_ORIGINAL_MODES )) )
return HA_ADMIN_FAILED;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment