From:Sergei Golubchik Date:January 28 2006 6:22pm
Subject:bk commit into 5.1 tree (serg:1.2090)
Below is the list of changes that have just been committed into a local
5.1 repository of serg. When serg does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2090 06/01/28 19:21:40 serg@stripped +3 -0
  two buffer overflows fixed

  sql/unireg.cc
    1.74 06/01/28 19:21:14 serg@stripped +3 -3
    not too nice to do bzero(buf, 9) after char buf[5], eh ?

  sql/sql_parse.cc
    1.514 06/01/28 19:21:13 serg@stripped +1 -0
    init thd->security_ctx->priv_host,
    otherwise - buffer overflow in db_create_routine

  sql/sp.cc
    1.101 06/01/28 19:21:12 serg@stripped +1 -1
    use strxnmov, just in case

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	serg
# Host:	serg.mylan
# Root:	/usr/home/serg/Abk/mysql-5.1

--- 1.513/sql/sql_parse.cc	Wed Jan 25 20:06:53 2006
+++ 1.514/sql/sql_parse.cc	Sat Jan 28 19:21:13 2006
@@ -1253,6 +1253,7 @@ pthread_handler_t handle_bootstrap(void 
   thd->version=refresh_version;
   thd->security_ctx->priv_user=
     thd->security_ctx->user= (char*) my_strdup("boot", MYF(MY_WME));
+  thd->security_ctx->priv_host[0]=0;
 
   buff= (char*) thd->net.buff;
   thd->init_for_queries();
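Review bot: The added `thd->security_ctx->priv_host[0]=0;` terminates the buffer only for the bootstrap thread. Any other path that sets up a THD without a normal login would leave priv_host unterminated in the same way, so the terminator probably belongs in the security context's own initialisation; that code is not visible here, so this needs confirming. The line also deserves a why-comment, e.g. `/* priv_host is read as a C string when db_create_routine builds the definer */`. handle_bootstrap's body starts and ends outside the hunk.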

--- 1.73/sql/unireg.cc	Tue Jan 17 08:37:29 2006
+++ 1.74/sql/unireg.cc	Sat Jan 28 19:21:14 2006
@@ -63,7 +63,7 @@ static bool make_empty_rec(THD *thd, int
     keys		number of keys to create
     key_info		Keys to create
     db_file		Handler to use. May be zero, in which case we use
-    			create_info->db_type
+			create_info->db_type
   RETURN
     0  ok
     1  error
@@ -84,7 +84,7 @@ bool mysql_create_frm(THD *thd, const ch
   uchar fileinfo[64],forminfo[288],*keybuff;
   TYPELIB formnames;
   uchar *screen_buff;
-  char buff[5];
+  char buff[32];
 #ifdef WITH_PARTITION_STORAGE_ENGINE
   partition_info *part_info= thd->lex->part_info;
 #endif
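Review bot: `char buff[32];` replaces one magic size with another. The length passed at the use site (per the commit comment, `bzero(buf, 9)` on what was a 5-byte array) is outside this hunk and is still not tied to the declaration. Deriving the length from the array, e.g. `bzero(buff, sizeof(buff));`, or sharing one named constant between declaration and use, would keep a later edit to either side from reintroducing the stack overwrite. mysql_create_frm continues well beyond the hunk, so every other use of buff should be checked against the new size.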
@@ -232,7 +232,7 @@ bool mysql_create_frm(THD *thd, const ch
         goto err;
     }
   }
-        
+
   VOID(my_seek(file,filepos,MY_SEEK_SET,MYF(0)));
   if (my_write(file,(byte*) forminfo,288,MYF_RW) ||
       my_write(file,(byte*) screen_buff,info_length,MYF_RW) ||

--- 1.100/sql/sp.cc	Fri Jan 13 17:04:32 2006
+++ 1.101/sql/sp.cc	Sat Jan 28 19:21:12 2006
@@ -501,7 +501,7 @@ db_create_routine(THD *thd, int type, sp
   else
   {
     restore_record(table, s->default_values); // Get default values for fields
-    strxmov(definer, thd->security_ctx->priv_user, "@",
+    strxnmov(definer, sizeof(definer)-1, thd->security_ctx->priv_user, "@",
             thd->security_ctx->priv_host, NullS);
 
     if (table->s->fields != MYSQL_PROC_FIELD_COUNT)
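Review bot: With `strxnmov(definer, sizeof(definer)-1, ...)` an over-long `user@host` is now cut short silently, and the shortened string is presumably what gets stored as the routine's definer. Because the definer names the account whose privileges apply, a truncated value is better rejected than stored. A guard before the call such as `if (strlen(thd->security_ctx->priv_user) + strlen(thd->security_ctx->priv_host) + 1 >= sizeof(definer))` returning an error would make that explicit. `sizeof(definer)` is a valid bound only if definer is declared as an array in this function; the declaration is outside the hunk, so that should be confirmed.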