mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-12 19:33:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixed possible buffer overflow in mysqlnd_conn__list_fields.

Browse Source
This commit is contained in:
Andrey Hristov 2010-04-27 08:02:08 +00:00
parent c200eeeb61
commit c92c788c85
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -16,6 +16,7 @@ PHP NEWS
- Implemented FR#35638 (Adding udate to imap_fetch_overview results).
(Charles_Duffy at dell dot com )
- Fixed possible buffer overflow in mysqlnd_list_fields. (Andrey)
- Fixed handling of session variable serialization on certain prefix
characters. Reported by Stefan Esser (Ilia)

10
ext/mysqlnd/mysqlnd.c
View File

@ -1074,14 +1074,16 @@ MYSQLND_METHOD(mysqlnd_conn, list_fields)(MYSQLND * conn, const char *table, con
p = buff;
if (table && (table_len = strlen(table))) {
memcpy(p, table, MIN(table_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4));
p += table_len;
size_t to_copy = MIN(table_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4);
memcpy(p, table, to_copy);
p += to_copy;
*p++ = '\0';
}
if (achtung_wild && (wild_len = strlen(achtung_wild))) {
memcpy(p, achtung_wild, MIN(wild_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4));
p += wild_len;
size_t to_copy = MIN(wild_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4);
memcpy(p, achtung_wild, to_copy);
p += to_copy;
*p++ = '\0';
}