Bug#16900358 FIX FOR CVE-2012-5611 IS INCOMPLETE

Merging from mysql-5.1 to mysql-5.5

Bug#16900358 FIX FOR CVE-2012-5611 IS INCOMPLETE
Merging from mysql-5.1 to mysql-5.5
e84d4874 · Venkata Sidagam · 4522a870 · de0e8a02 · e84d4874
Commit e84d4874 authored Oct 16, 2013 by Venkata Sidagam
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

sql/sql_acl.cc sql/sql_acl.cc +4 -2

No files found.
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1588,7 +1588,8 @@ ulong acl_get(const char *host, const char *ip,
  copy_length= (size_t) (strlen(ip ? ip : "") +
                 strlen(user ? user : "") +
-                 strlen(db ? db : ""));
+                 strlen(db ? db : "")) + 2; /* Added 2 at the end to avoid  
+                                               buffer overflow at strmov()*/
  /*
    Make sure that strmov() operations do not result in buffer overflow.
  */
@@ -4957,7 +4958,8 @@ bool check_grant_db(THD *thd,const char *db)
  size_t copy_length;
  copy_length= (size_t) (strlen(sctx->priv_user ? sctx->priv_user : "") +
-                 strlen(db ? db : ""));
+                 strlen(db ? db : "")) + 1; /* Added 1 at the end to avoid  
+                                               buffer overflow at strmov()*/
  /*
    Make sure that strmov() operations do not result in buffer overflow.