Commit cb297415 authored by Shishir Jaiswal's avatar Shishir Jaiswal

Bug#21977380 - POSSIBLE BUFFER OVERFLOW ISSUES

DESCRIPTION
===========
Buffer overflow is reported in a lot of code sections
spanning across server, client programs, Regex libraries
etc. If not handled appropriately, they can cause abnormal
behaviour.

ANALYSIS
========
The reported casea are the ones which are likely to result
in SEGFAULT, MEMORY LEAK etc.

FIX
===
- sprintf() has been replaced by my_snprintf() to avoid
buffer overflow.
- my_free() is done after checking if the pointer isn't
  NULL already and setting it to NULL thereafter at few
  places.
- Buffer is ensured to be large enough to hold the data.
- 'unsigned int' (aka 'uint') is replaced with 'size_t'
to avoid wraparound.
- Memory is freed (if not done so) after its alloced and
used.
- Inserted assert() for size check in InnoDb memcached
code (from 5.6 onwards)
- Other minor changes
parent df7ecf64
...@@ -213,13 +213,13 @@ static int process_selected_tables(char *db, char **table_names, int tables); ...@@ -213,13 +213,13 @@ static int process_selected_tables(char *db, char **table_names, int tables);
static int process_all_tables_in_db(char *database); static int process_all_tables_in_db(char *database);
static int process_one_db(char *database); static int process_one_db(char *database);
static int use_db(char *database); static int use_db(char *database);
static int handle_request_for_tables(char *tables, uint length); static int handle_request_for_tables(char *tables, size_t length);
static int dbConnect(char *host, char *user,char *passwd); static int dbConnect(char *host, char *user,char *passwd);
static void dbDisconnect(char *host); static void dbDisconnect(char *host);
static void DBerror(MYSQL *mysql, const char *when); static void DBerror(MYSQL *mysql, const char *when);
static void safe_exit(int error); static void safe_exit(int error);
static void print_result(); static void print_result();
static uint fixed_name_length(const char *name); static size_t fixed_name_length(const char *name);
static char *fix_table_name(char *dest, char *src); static char *fix_table_name(char *dest, char *src);
int what_to_do = 0; int what_to_do = 0;
...@@ -486,7 +486,7 @@ static int process_selected_tables(char *db, char **table_names, int tables) ...@@ -486,7 +486,7 @@ static int process_selected_tables(char *db, char **table_names, int tables)
*end++= ','; *end++= ',';
} }
*--end = 0; *--end = 0;
handle_request_for_tables(table_names_comma_sep + 1, (uint) (tot_length - 1)); handle_request_for_tables(table_names_comma_sep + 1, tot_length - 1);
my_free(table_names_comma_sep); my_free(table_names_comma_sep);
} }
else else
...@@ -496,10 +496,10 @@ static int process_selected_tables(char *db, char **table_names, int tables) ...@@ -496,10 +496,10 @@ static int process_selected_tables(char *db, char **table_names, int tables)
} /* process_selected_tables */ } /* process_selected_tables */
static uint fixed_name_length(const char *name) static size_t fixed_name_length(const char *name)
{ {
const char *p; const char *p;
uint extra_length= 2; /* count the first/last backticks */ size_t extra_length= 2; /* count the first/last backticks */
for (p= name; *p; p++) for (p= name; *p; p++)
{ {
...@@ -508,7 +508,7 @@ static uint fixed_name_length(const char *name) ...@@ -508,7 +508,7 @@ static uint fixed_name_length(const char *name)
else if (*p == '.') else if (*p == '.')
extra_length+= 2; extra_length+= 2;
} }
return (uint) ((p - name) + extra_length); return (size_t) ((p - name) + extra_length);
} }
...@@ -564,7 +564,7 @@ static int process_all_tables_in_db(char *database) ...@@ -564,7 +564,7 @@ static int process_all_tables_in_db(char *database)
*/ */
char *tables, *end; char *tables, *end;
uint tot_length = 0; size_t tot_length = 0;
while ((row = mysql_fetch_row(res))) while ((row = mysql_fetch_row(res)))
tot_length+= fixed_name_length(row[0]) + 2; tot_length+= fixed_name_length(row[0]) + 2;
...@@ -622,7 +622,9 @@ static int fix_table_storage_name(const char *name) ...@@ -622,7 +622,9 @@ static int fix_table_storage_name(const char *name)
int rc= 0; int rc= 0;
if (strncmp(name, "#mysql50#", 9)) if (strncmp(name, "#mysql50#", 9))
return 1; return 1;
sprintf(qbuf, "RENAME TABLE `%s` TO `%s`", name, name + 9); my_snprintf(qbuf, sizeof(qbuf), "RENAME TABLE `%s` TO `%s`",
name, name + 9);
rc= run_query(qbuf); rc= run_query(qbuf);
if (verbose) if (verbose)
printf("%-50s %s\n", name, rc ? "FAILED" : "OK"); printf("%-50s %s\n", name, rc ? "FAILED" : "OK");
...@@ -635,7 +637,8 @@ static int fix_database_storage_name(const char *name) ...@@ -635,7 +637,8 @@ static int fix_database_storage_name(const char *name)
int rc= 0; int rc= 0;
if (strncmp(name, "#mysql50#", 9)) if (strncmp(name, "#mysql50#", 9))
return 1; return 1;
sprintf(qbuf, "ALTER DATABASE `%s` UPGRADE DATA DIRECTORY NAME", name); my_snprintf(qbuf, sizeof(qbuf), "ALTER DATABASE `%s` UPGRADE DATA DIRECTORY "
"NAME", name);
rc= run_query(qbuf); rc= run_query(qbuf);
if (verbose) if (verbose)
printf("%-50s %s\n", name, rc ? "FAILED" : "OK"); printf("%-50s %s\n", name, rc ? "FAILED" : "OK");
...@@ -653,7 +656,7 @@ static int rebuild_table(char *name) ...@@ -653,7 +656,7 @@ static int rebuild_table(char *name)
ptr= strmov(query, "ALTER TABLE "); ptr= strmov(query, "ALTER TABLE ");
ptr= fix_table_name(ptr, name); ptr= fix_table_name(ptr, name);
ptr= strxmov(ptr, " FORCE", NullS); ptr= strxmov(ptr, " FORCE", NullS);
if (mysql_real_query(sock, query, (uint)(ptr - query))) if (mysql_real_query(sock, query, (ulong)(ptr - query)))
{ {
fprintf(stderr, "Failed to %s\n", query); fprintf(stderr, "Failed to %s\n", query);
fprintf(stderr, "Error: %s\n", mysql_error(sock)); fprintf(stderr, "Error: %s\n", mysql_error(sock));
...@@ -702,10 +705,10 @@ static int disable_binlog() ...@@ -702,10 +705,10 @@ static int disable_binlog()
return run_query(stmt); return run_query(stmt);
} }
static int handle_request_for_tables(char *tables, uint length) static int handle_request_for_tables(char *tables, size_t length)
{ {
char *query, *end, options[100], message[100]; char *query, *end, options[100], message[100];
uint query_length= 0; size_t query_length= 0, query_size= sizeof(char)*(length+110);
const char *op = 0; const char *op = 0;
options[0] = 0; options[0] = 0;
...@@ -736,10 +739,14 @@ static int handle_request_for_tables(char *tables, uint length) ...@@ -736,10 +739,14 @@ static int handle_request_for_tables(char *tables, uint length)
return fix_table_storage_name(tables); return fix_table_storage_name(tables);
} }
if (!(query =(char *) my_malloc((sizeof(char)*(length+110)), MYF(MY_WME)))) if (!(query =(char *) my_malloc(query_size, MYF(MY_WME))))
{
return 1; return 1;
}
if (opt_all_in_1) if (opt_all_in_1)
{ {
DBUG_ASSERT(strlen(op)+strlen(tables)+strlen(options)+8+1 <= query_size);
/* No backticks here as we added them before */ /* No backticks here as we added them before */
query_length= sprintf(query, "%s TABLE %s %s", op, tables, options); query_length= sprintf(query, "%s TABLE %s %s", op, tables, options);
} }
...@@ -750,7 +757,7 @@ static int handle_request_for_tables(char *tables, uint length) ...@@ -750,7 +757,7 @@ static int handle_request_for_tables(char *tables, uint length)
ptr= strmov(strmov(query, op), " TABLE "); ptr= strmov(strmov(query, op), " TABLE ");
ptr= fix_table_name(ptr, tables); ptr= fix_table_name(ptr, tables);
ptr= strxmov(ptr, " ", options, NullS); ptr= strxmov(ptr, " ", options, NullS);
query_length= (uint) (ptr - query); query_length= (size_t) (ptr - query);
} }
if (mysql_real_query(sock, query, query_length)) if (mysql_real_query(sock, query, query_length))
{ {
...@@ -834,7 +841,10 @@ static void print_result() ...@@ -834,7 +841,10 @@ static void print_result()
prev_alter[0]= 0; prev_alter[0]= 0;
} }
else else
strcpy(prev_alter, alter_txt); {
strncpy(prev_alter, alter_txt, MAX_ALTER_STR_SIZE-1);
prev_alter[MAX_ALTER_STR_SIZE-1]= 0;
}
} }
} }
} }
...@@ -978,7 +988,7 @@ int main(int argc, char **argv) ...@@ -978,7 +988,7 @@ int main(int argc, char **argv)
process_databases(argv); process_databases(argv);
if (opt_auto_repair) if (opt_auto_repair)
{ {
uint i; size_t i;
if (!opt_silent && (tables4repair.elements || tables4rebuild.elements)) if (!opt_silent && (tables4repair.elements || tables4rebuild.elements))
puts("\nRepairing tables"); puts("\nRepairing tables");
......
...@@ -86,7 +86,7 @@ ...@@ -86,7 +86,7 @@
static void add_load_option(DYNAMIC_STRING *str, const char *option, static void add_load_option(DYNAMIC_STRING *str, const char *option,
const char *option_value); const char *option_value);
static ulong find_set(TYPELIB *lib, const char *x, uint length, static ulong find_set(TYPELIB *lib, const char *x, size_t length,
char **err_pos, uint *err_len); char **err_pos, uint *err_len);
static char *alloc_query_str(ulong size); static char *alloc_query_str(ulong size);
...@@ -852,7 +852,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -852,7 +852,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
opt_set_charset= 0; opt_set_charset= 0;
opt_compatible_mode_str= argument; opt_compatible_mode_str= argument;
opt_compatible_mode= find_set(&compatible_mode_typelib, opt_compatible_mode= find_set(&compatible_mode_typelib,
argument, (uint) strlen(argument), argument, strlen(argument),
&err_ptr, &err_len); &err_ptr, &err_len);
if (err_len) if (err_len)
{ {
...@@ -862,7 +862,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -862,7 +862,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
} }
#if !defined(DBUG_OFF) #if !defined(DBUG_OFF)
{ {
uint size_for_sql_mode= 0; size_t size_for_sql_mode= 0;
const char **ptr; const char **ptr;
for (ptr= compatible_mode_names; *ptr; ptr++) for (ptr= compatible_mode_names; *ptr; ptr++)
size_for_sql_mode+= strlen(*ptr); size_for_sql_mode+= strlen(*ptr);
...@@ -1138,8 +1138,8 @@ static int fetch_db_collation(const char *db_name, ...@@ -1138,8 +1138,8 @@ static int fetch_db_collation(const char *db_name,
break; break;
} }
strncpy(db_cl_name, db_cl_row[0], db_cl_size); strncpy(db_cl_name, db_cl_row[0], db_cl_size-1);
db_cl_name[db_cl_size - 1]= 0; /* just in case. */ db_cl_name[db_cl_size - 1]= 0;
} while (FALSE); } while (FALSE);
...@@ -1150,7 +1150,7 @@ static int fetch_db_collation(const char *db_name, ...@@ -1150,7 +1150,7 @@ static int fetch_db_collation(const char *db_name,
static char *my_case_str(const char *str, static char *my_case_str(const char *str,
uint str_len, size_t str_len,
const char *token, const char *token,
uint token_len) uint token_len)
{ {
...@@ -1366,7 +1366,7 @@ static int switch_character_set_results(MYSQL *mysql, const char *cs_name) ...@@ -1366,7 +1366,7 @@ static int switch_character_set_results(MYSQL *mysql, const char *cs_name)
*/ */
static char *cover_definer_clause(const char *stmt_str, static char *cover_definer_clause(const char *stmt_str,
uint stmt_length, size_t stmt_length,
const char *definer_version_str, const char *definer_version_str,
uint definer_version_length, uint definer_version_length,
const char *stmt_version_str, const char *stmt_version_str,
...@@ -1548,14 +1548,14 @@ static void dbDisconnect(char *host) ...@@ -1548,14 +1548,14 @@ static void dbDisconnect(char *host)
} /* dbDisconnect */ } /* dbDisconnect */
static void unescape(FILE *file,char *pos,uint length) static void unescape(FILE *file,char *pos, size_t length)
{ {
char *tmp; char *tmp;
DBUG_ENTER("unescape"); DBUG_ENTER("unescape");
if (!(tmp=(char*) my_malloc(length*2+1, MYF(MY_WME)))) if (!(tmp=(char*) my_malloc(length*2+1, MYF(MY_WME))))
die(EX_MYSQLERR, "Couldn't allocate memory"); die(EX_MYSQLERR, "Couldn't allocate memory");
mysql_real_escape_string(&mysql_connection, tmp, pos, length); mysql_real_escape_string(&mysql_connection, tmp, pos, (ulong)length);
fputc('\'', file); fputc('\'', file);
fputs(tmp, file); fputs(tmp, file);
fputc('\'', file); fputc('\'', file);
...@@ -1669,7 +1669,7 @@ static char *quote_for_like(const char *name, char *buff) ...@@ -1669,7 +1669,7 @@ static char *quote_for_like(const char *name, char *buff)
Quote '<' '>' '&' '\"' chars and print a string to the xml_file. Quote '<' '>' '&' '\"' chars and print a string to the xml_file.
*/ */
static void print_quoted_xml(FILE *xml_file, const char *str, ulong len, static void print_quoted_xml(FILE *xml_file, const char *str, size_t len,
my_bool is_attribute_name) my_bool is_attribute_name)
{ {
const char *end; const char *end;
...@@ -1928,7 +1928,7 @@ static void print_xml_row(FILE *xml_file, const char *row_name, ...@@ -1928,7 +1928,7 @@ static void print_xml_row(FILE *xml_file, const char *row_name,
squeezed to a single hyphen. squeezed to a single hyphen.
*/ */
static void print_xml_comment(FILE *xml_file, ulong len, static void print_xml_comment(FILE *xml_file, size_t len,
const char *comment_string) const char *comment_string)
{ {
const char* end; const char* end;
...@@ -2045,7 +2045,7 @@ static uint dump_events_for_db(char *db) ...@@ -2045,7 +2045,7 @@ static uint dump_events_for_db(char *db)
DBUG_ENTER("dump_events_for_db"); DBUG_ENTER("dump_events_for_db");
DBUG_PRINT("enter", ("db: '%s'", db)); DBUG_PRINT("enter", ("db: '%s'", db));
mysql_real_escape_string(mysql, db_name_buff, db, strlen(db)); mysql_real_escape_string(mysql, db_name_buff, db, (ulong)strlen(db));
/* nice comments */ /* nice comments */
print_comment(sql_file, 0, print_comment(sql_file, 0,
...@@ -2164,6 +2164,11 @@ static uint dump_events_for_db(char *db) ...@@ -2164,6 +2164,11 @@ static uint dump_events_for_db(char *db)
(const char *) (query_str != NULL ? query_str : row[3]), (const char *) (query_str != NULL ? query_str : row[3]),
(const char *) delimiter); (const char *) delimiter);
if(query_str)
{
my_free(query_str);
query_str= NULL;
}
restore_time_zone(sql_file, delimiter); restore_time_zone(sql_file, delimiter);
restore_sql_mode(sql_file, delimiter); restore_sql_mode(sql_file, delimiter);
...@@ -2257,7 +2262,7 @@ static uint dump_routines_for_db(char *db) ...@@ -2257,7 +2262,7 @@ static uint dump_routines_for_db(char *db)
DBUG_ENTER("dump_routines_for_db"); DBUG_ENTER("dump_routines_for_db");
DBUG_PRINT("enter", ("db: '%s'", db)); DBUG_PRINT("enter", ("db: '%s'", db));
mysql_real_escape_string(mysql, db_name_buff, db, strlen(db)); mysql_real_escape_string(mysql, db_name_buff, db, (ulong)strlen(db));
/* nice comments */ /* nice comments */
print_comment(sql_file, 0, print_comment(sql_file, 0,
...@@ -2311,9 +2316,9 @@ static uint dump_routines_for_db(char *db) ...@@ -2311,9 +2316,9 @@ static uint dump_routines_for_db(char *db)
if the user has EXECUTE privilege he see routine names, but NOT the if the user has EXECUTE privilege he see routine names, but NOT the
routine body of other routines that are not the creator of! routine body of other routines that are not the creator of!
*/ */
DBUG_PRINT("info",("length of body for %s row[2] '%s' is %d", DBUG_PRINT("info",("length of body for %s row[2] '%s' is %zu",
routine_name, row[2] ? row[2] : "(null)", routine_name, row[2] ? row[2] : "(null)",
row[2] ? (int) strlen(row[2]) : 0)); row[2] ? strlen(row[2]) : 0));
if (row[2] == NULL) if (row[2] == NULL)
{ {
print_comment(sql_file, 1, "\n-- insufficient privileges to %s\n", print_comment(sql_file, 1, "\n-- insufficient privileges to %s\n",
...@@ -3873,7 +3878,7 @@ static int dump_tablespaces_for_tables(char *db, char **table_names, int tables) ...@@ -3873,7 +3878,7 @@ static int dump_tablespaces_for_tables(char *db, char **table_names, int tables)
int i; int i;
char name_buff[NAME_LEN*2+3]; char name_buff[NAME_LEN*2+3];
mysql_real_escape_string(mysql, name_buff, db, strlen(db)); mysql_real_escape_string(mysql, name_buff, db, (ulong)strlen(db));
init_dynamic_string_checked(&where, " AND TABLESPACE_NAME IN (" init_dynamic_string_checked(&where, " AND TABLESPACE_NAME IN ("
"SELECT DISTINCT TABLESPACE_NAME FROM" "SELECT DISTINCT TABLESPACE_NAME FROM"
...@@ -3886,7 +3891,7 @@ static int dump_tablespaces_for_tables(char *db, char **table_names, int tables) ...@@ -3886,7 +3891,7 @@ static int dump_tablespaces_for_tables(char *db, char **table_names, int tables)
for (i=0 ; i<tables ; i++) for (i=0 ; i<tables ; i++)
{ {
mysql_real_escape_string(mysql, name_buff, mysql_real_escape_string(mysql, name_buff,
table_names[i], strlen(table_names[i])); table_names[i], (ulong)strlen(table_names[i]));
dynstr_append_checked(&where, "'"); dynstr_append_checked(&where, "'");
dynstr_append_checked(&where, name_buff); dynstr_append_checked(&where, name_buff);
...@@ -3917,7 +3922,7 @@ static int dump_tablespaces_for_databases(char** databases) ...@@ -3917,7 +3922,7 @@ static int dump_tablespaces_for_databases(char** databases)
{ {
char db_name_buff[NAME_LEN*2+3]; char db_name_buff[NAME_LEN*2+3];
mysql_real_escape_string(mysql, db_name_buff, mysql_real_escape_string(mysql, db_name_buff,
databases[i], strlen(databases[i])); databases[i], (ulong)strlen(databases[i]));
dynstr_append_checked(&where, "'"); dynstr_append_checked(&where, "'");
dynstr_append_checked(&where, db_name_buff); dynstr_append_checked(&where, db_name_buff);
dynstr_append_checked(&where, "',"); dynstr_append_checked(&where, "',");
...@@ -4927,7 +4932,7 @@ static int start_transaction(MYSQL *mysql_con) ...@@ -4927,7 +4932,7 @@ static int start_transaction(MYSQL *mysql_con)
} }
static ulong find_set(TYPELIB *lib, const char *x, uint length, static ulong find_set(TYPELIB *lib, const char *x, size_t length,
char **err_pos, uint *err_len) char **err_pos, uint *err_len)
{ {
const char *end= x + length; const char *end= x + length;
...@@ -4985,7 +4990,7 @@ static void print_value(FILE *file, MYSQL_RES *result, MYSQL_ROW row, ...@@ -4985,7 +4990,7 @@ static void print_value(FILE *file, MYSQL_RES *result, MYSQL_ROW row,
fputc(' ',file); fputc(' ',file);
fputs(prefix, file); fputs(prefix, file);
if (string_value) if (string_value)
unescape(file,row[0],(uint) strlen(row[0])); unescape(file,row[0], strlen(row[0]));
else else
fputs(row[0], file); fputs(row[0], file);
check_io(file); check_io(file);
...@@ -5238,8 +5243,8 @@ static my_bool get_view_structure(char *table, char* db) ...@@ -5238,8 +5243,8 @@ static my_bool get_view_structure(char *table, char* db)
verbose_msg("-- Retrieving view structure for table %s...\n", table); verbose_msg("-- Retrieving view structure for table %s...\n", table);
#ifdef NOT_REALLY_USED_YET #ifdef NOT_REALLY_USED_YET
sprintf(insert_pat, "SET SQL_QUOTE_SHOW_CREATE=%d", dynstr_append_checked(&insert_pat, "SET SQL_QUOTE_SHOW_CREATE=");
(opt_quoted || opt_keywords)); dynstr_append_checked(&insert_pat, (opt_quoted || opt_keywords)? "1":"0");
#endif #endif
result_table= quote_name(table, table_buff, 1); result_table= quote_name(table, table_buff, 1);
......
...@@ -52,9 +52,9 @@ static int list_tables(MYSQL *mysql,const char *db,const char *table); ...@@ -52,9 +52,9 @@ static int list_tables(MYSQL *mysql,const char *db,const char *table);
static int list_table_status(MYSQL *mysql,const char *db,const char *table); static int list_table_status(MYSQL *mysql,const char *db,const char *table);
static int list_fields(MYSQL *mysql,const char *db,const char *table, static int list_fields(MYSQL *mysql,const char *db,const char *table,
const char *field); const char *field);
static void print_header(const char *header,uint head_length,...); static void print_header(const char *header,size_t head_length,...);
static void print_row(const char *header,uint head_length,...); static void print_row(const char *header,size_t head_length,...);
static void print_trailer(uint length,...); static void print_trailer(size_t length,...);
static void print_res_header(MYSQL_RES *result); static void print_res_header(MYSQL_RES *result);
static void print_res_top(MYSQL_RES *result); static void print_res_top(MYSQL_RES *result);
static void print_res_row(MYSQL_RES *result,MYSQL_ROW cur); static void print_res_row(MYSQL_RES *result,MYSQL_ROW cur);
...@@ -374,7 +374,8 @@ static int ...@@ -374,7 +374,8 @@ static int
list_dbs(MYSQL *mysql,const char *wild) list_dbs(MYSQL *mysql,const char *wild)
{ {
const char *header; const char *header;
uint length, counter = 0; size_t length = 0;
uint counter = 0;
ulong rowcount = 0L; ulong rowcount = 0L;
char tables[NAME_LEN+1], rows[NAME_LEN+1]; char tables[NAME_LEN+1], rows[NAME_LEN+1];
char query[NAME_LEN + 100]; char query[NAME_LEN + 100];
...@@ -412,7 +413,7 @@ list_dbs(MYSQL *mysql,const char *wild) ...@@ -412,7 +413,7 @@ list_dbs(MYSQL *mysql,const char *wild)
printf("Wildcard: %s\n",wild); printf("Wildcard: %s\n",wild);
header="Databases"; header="Databases";
length=(uint) strlen(header); length= strlen(header);
field=mysql_fetch_field(result); field=mysql_fetch_field(result);
if (length < field->max_length) if (length < field->max_length)
length=field->max_length; length=field->max_length;
...@@ -500,7 +501,8 @@ static int ...@@ -500,7 +501,8 @@ static int
list_tables(MYSQL *mysql,const char *db,const char *table) list_tables(MYSQL *mysql,const char *db,const char *table)
{ {
const char *header; const char *header;
uint head_length, counter = 0; size_t head_length;
uint counter = 0;
char query[NAME_LEN + 100], rows[NAME_LEN], fields[16]; char query[NAME_LEN + 100], rows[NAME_LEN], fields[16];
MYSQL_FIELD *field; MYSQL_FIELD *field;
MYSQL_RES *result; MYSQL_RES *result;
...@@ -537,7 +539,7 @@ list_tables(MYSQL *mysql,const char *db,const char *table) ...@@ -537,7 +539,7 @@ list_tables(MYSQL *mysql,const char *db,const char *table)
putchar('\n'); putchar('\n');
header="Tables"; header="Tables";
head_length=(uint) strlen(header); head_length= strlen(header);
field=mysql_fetch_field(result); field=mysql_fetch_field(result);
if (head_length < field->max_length) if (head_length < field->max_length)
head_length=field->max_length; head_length=field->max_length;
...@@ -766,10 +768,10 @@ list_fields(MYSQL *mysql,const char *db,const char *table, ...@@ -766,10 +768,10 @@ list_fields(MYSQL *mysql,const char *db,const char *table,
*****************************************************************************/ *****************************************************************************/
static void static void
print_header(const char *header,uint head_length,...) print_header(const char *header,size_t head_length,...)
{ {
va_list args; va_list args;
uint length,i,str_length,pre_space; size_t length,i,str_length,pre_space;
const char *field; const char *field;
va_start(args,head_length); va_start(args,head_length);
...@@ -792,10 +794,10 @@ print_header(const char *header,uint head_length,...) ...@@ -792,10 +794,10 @@ print_header(const char *header,uint head_length,...)
putchar('|'); putchar('|');
for (;;) for (;;)
{ {
str_length=(uint) strlen(field); str_length= strlen(field);
if (str_length > length) if (str_length > length)
str_length=length+1; str_length=length+1;
pre_space=(uint) (((int) length-(int) str_length)/2)+1; pre_space= ((length- str_length)/2)+1;
for (i=0 ; i < pre_space ; i++) for (i=0 ; i < pre_space ; i++)
putchar(' '); putchar(' ');
for (i = 0 ; i < str_length ; i++) for (i = 0 ; i < str_length ; i++)
...@@ -829,11 +831,11 @@ print_header(const char *header,uint head_length,...) ...@@ -829,11 +831,11 @@ print_header(const char *header,uint head_length,...)
static void static void
print_row(const char *header,uint head_length,...) print_row(const char *header,size_t head_length,...)
{ {
va_list args; va_list args;
const char *field; const char *field;
uint i,length,field_length; size_t i,length,field_length;
va_start(args,head_length); va_start(args,head_length);
field=header; length=head_length; field=header; length=head_length;
...@@ -842,7 +844,7 @@ print_row(const char *header,uint head_length,...) ...@@ -842,7 +844,7 @@ print_row(const char *header,uint head_length,...)
putchar('|'); putchar('|');
putchar(' '); putchar(' ');
fputs(field,stdout); fputs(field,stdout);
field_length=(uint) strlen(field); field_length= strlen(field);
for (i=field_length ; i <= length ; i++) for (i=field_length ; i <= length ; i++)
putchar(' '); putchar(' ');
if (!(field=va_arg(args,char *))) if (!(field=va_arg(args,char *)))
...@@ -856,10 +858,10 @@ print_row(const char *header,uint head_length,...) ...@@ -856,10 +858,10 @@ print_row(const char *header,uint head_length,...)
static void static void
print_trailer(uint head_length,...) print_trailer(size_t head_length,...)
{ {
va_list args; va_list args;
uint length,i; size_t length,i;
va_start(args,head_length); va_start(args,head_length);
length=head_length; length=head_length;
...@@ -902,7 +904,7 @@ static void print_res_top(MYSQL_RES *result) ...@@ -902,7 +904,7 @@ static void print_res_top(MYSQL_RES *result)
mysql_field_seek(result,0); mysql_field_seek(result,0);
while((field = mysql_fetch_field(result))) while((field = mysql_fetch_field(result)))
{ {
if ((length=(uint) strlen(field->name)) > field->max_length) if ((length= strlen(field->name)) > field->max_length)
field->max_length=length; field->max_length=length;
else else
length=field->max_length; length=field->max_length;
......
/* /*
Copyright (C) 2000-2007 MySQL AB Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Use is subject to license terms
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -61,6 +60,7 @@ namespace yaSSL { ...@@ -61,6 +60,7 @@ namespace yaSSL {
time_t clicks = time(0); time_t clicks = time(0);
char timeStr[32]; char timeStr[32];
memset(timeStr, 0, sizeof(timeStr));
// get rid of newline // get rid of newline
strncpy(timeStr, ctime(&clicks), sizeof(timeStr)); strncpy(timeStr, ctime(&clicks), sizeof(timeStr));
unsigned int len = strlen(timeStr); unsigned int len = strlen(timeStr);
......
...@@ -163,6 +163,10 @@ char *argv[]; ...@@ -163,6 +163,10 @@ char *argv[];
} }
else if (argc > 3) else if (argc > 3)
for (n = atoi(argv[3]); n > 0; n--) { for (n = atoi(argv[3]); n > 0; n--) {
if(sizeof(buf)-1 < strlen(argv[1]))
{
exit(EXIT_FAILURE);
}
(void) strcpy(buf, argv[1]); (void) strcpy(buf, argv[1]);
(void) split(buf, fields, MNF, argv[2]); (void) split(buf, fields, MNF, argv[2]);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment