head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.54 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.52 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.50 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.48 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.46 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.44 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.42 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.40 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.38 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.36 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.34 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.32 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.30 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.28 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.26 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.24 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.22 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.20 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.18 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.16 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.14 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.12 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.10 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.8 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.6 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2 netbsd-1-6-1:1.1.0.2 netbsd-1-6-1-base:1.1; locks; strict; comment @# @; 1.2 date 2003.10.05.17.55.13; author martti; state dead; branches; next 1.1; 1.1 date 2002.12.13.14.19.54; author tron; state Exp; branches; next ; desc @@ 1.2 log @Update mysql-client to 3.23.58 A lot of bug and security fixes since 3.23.51... @ text @$NetBSD: patch-al,v 1.1 2002/12/13 14:19:54 tron Exp $ --- libmysql/libmysql.c.orig Thu Feb 14 18:30:17 2002 +++ libmysql/libmysql.c Fri Dec 13 15:11:45 2002 @@@@ -886,7 +886,7 @@@@ uint field,pkt_len; ulong len; uchar *cp; - char *to; + char *to, *end_to; MYSQL_DATA *result; MYSQL_ROWS **prev_ptr,*cur; NET *net = &mysql->net; @@@@ -924,6 +924,7 @@@@ *prev_ptr=cur; prev_ptr= &cur->next; to= (char*) (cur->data+fields+1); + end_to=to+pkt_len-1; for (field=0 ; field < fields ; field++) { if ((len=(ulong) net_field_length(&cp)) == NULL_LENGTH) @@@@ -933,6 +934,13 @@@@ else { cur->data[field] = to; + if (len > end_to - to) + { + free_rows(result); + net->last_errno=CR_UNKNOWN_ERROR; + strmov(net->last_error,ER(net->last_errno)); + DBUG_RETURN(0); + } memcpy(to,(char*) cp,len); to[len]=0; to+=len+1; cp+=len; @@@@ -967,7 +975,7 @@@@ { uint field; ulong pkt_len,len; - uchar *pos,*prev_pos; + uchar *pos,*prev_pos, *end_pos; if ((pkt_len=(uint) net_safe_read(mysql)) == packet_error) return -1; @@@@ -975,6 +983,7 @@@@ return 1; /* End of data */ prev_pos= 0; /* allowed to write at packet[-1] */ pos=mysql->net.read_pos; + end_pos=pos+pkt_len; for (field=0 ; field < fields ; field++) { if ((len=(ulong) net_field_length(&pos)) == NULL_LENGTH) @@@@ -984,6 +993,12 @@@@ } else { + if (len > end_pos - pos) + { + mysql->net.last_errno=CR_UNKNOWN_ERROR; + strmov(mysql->net.last_error,ER(mysql->net.last_errno)); + return -1; + } row[field] = (char*) pos; pos+=len; *lengths++=len; @ 1.1 log @Fix security problem in MySQL client library and server which were recently discovered by e-matters. @ text @d1 1 a1 1 $NetBSD$ @