From:
Date: June 21 2005 8:37pm
Subject: bk commit into 4.1 tree (reggie:1.2304) BUG#9148
List-Archive: http://lists.mysql.com/internals/26261
X-Bug: 9148
Message-Id: <200506211837.j5LIbR6V015011@mdk10>

Below is the list of changes that have just been committed into a local
4.1 repository of reggie. When reggie does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2304 05/06/21 13:35:12 reggie@mdk10.(none) +1 -0
  Bug #9148 Denial of Service
  my_access.c:
    Fixed problem where in some cases check_if_legal_filename was returning 0 for illegal names

  mysys/my_access.c
    1.4 05/06/21 13:34:34 reggie@mdk10.(none) +7 -5
    Fixed problem where in some cases check_if_legal_filename was returning 0 for illegal names

# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: reggie
# Host: mdk10.(none)
# Root: /home/reggie/bk/bug9148

--- 1.3/mysys/my_access.c 2005-06-02 11:12:51 -05:00 +++ 1.4/mysys/my_access.c 2005-06-21 13:34:34 -05:00 
@@ -93,18 +93,20 @@ path+= dirname_length(path); /* To start of filename */ if (!(end= strchr(path, FN_EXTCHAR))) end= strend(path); - if (path == end || (uint) (path - end) > MAX_RESERVED_NAME_LENGTH) + if (path == end || (uint) (end - path) > MAX_RESERVED_NAME_LENGTH) DBUG_RETURN(0); /* Simplify inner loop */ for (reserved_name= reserved_names; *reserved_name; reserved_name++) { const char *name= path; - while (name != end) + const char *current_reserved_name= *reserved_name; + + while (name != end && *current_reserved_name) { - if (my_toupper(&my_charset_latin1, *path) != - my_toupper(&my_charset_latin1, *name)) + if (*current_reserved_name != my_toupper(&my_charset_latin1, *name)) break; - if (name++ == end) + current_reserved_name++; + if (++name == end) DBUG_RETURN(1); /* Found wrong path */ } }
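Review bot: The new exit test `if (++name == end)` returns 1 as soon as the filename runs out, without checking that `current_reserved_name` has also reached its terminator, so a filename that is only a proper prefix of a reserved name is reported as illegal. Every character compared so far matched, the name ended first, and the function takes the "Found wrong path" return even though reserved characters remain. Suggest requiring both strings to end together, for example `if (++name == end && !*current_reserved_name)`. The comparison `*current_reserved_name != my_toupper(&my_charset_latin1, *name)` also upper-cases only the filename side, so it relies on every entry in `reserved_names` being stored in upper case; a comment at the table or next to this loop stating that requirement would keep a later lower-case entry from silently never matching. The length check fix from `(path - end)` to `(end - path)` looks correct: the old unsigned cast of a negative difference would exceed `MAX_RESERVED_NAME_LENGTH` for any non-empty name and return 0 before the loop ran.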