Fixed a possible buffer overflow inside create_named_pipe() for Win32

systems in libmysql.c.
author: Ilia Alshanetsky <iliaa@php.net> 2006-05-21 16:10:28 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2006-05-21 16:10:28 +0000
commit: a2e5235b927deedc1decdf655c8283b19adc9069 (patch)
tree: 73ebc879574f61d84202d6ecc2dc42826e708bc8 /ext/mysql/libmysql/libmysql.c
parent: 88b15c81ee12173d70c3d74736c804c126127e05 (diff)
download: php-git-a2e5235b927deedc1decdf655c8283b19adc9069.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/mysql/libmysql/libmysql.c b/ext/mysql/libmysql/libmysql.c
index 94d6352252..a1f7a4520c 100644
--- a/ext/mysql/libmysql/libmysql.c
+++ b/ext/mysql/libmysql/libmysql.c
@@ -213,6 +213,10 @@ HANDLE create_named_pipe(NET *net, uint connect_timeout, char **arg_host,
   if (!host || !strcmp(host,LOCAL_HOST))
     host=LOCAL_HOST_NAMEDPIPE;
 
+  if (sizeof(szPipeName) <= (strlen(host) + strlen(unix_socket) + sizeof("\\\\\\pipe\\"))) {
+	return INVALID_HANDLE_VALUE;
+  }
+
   sprintf( szPipeName, "\\\\%s\\pipe\\%s", host, unix_socket);
   DBUG_PRINT("info",("Server name: '%s'.  Named Pipe: %s",
 		     host, unix_socket));
author	Ilia Alshanetsky <iliaa@php.net>	2006-05-21 16:10:28 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2006-05-21 16:10:28 +0000
commit	a2e5235b927deedc1decdf655c8283b19adc9069 (patch)
tree	73ebc879574f61d84202d6ecc2dc42826e708bc8 /ext/mysql/libmysql/libmysql.c
parent	88b15c81ee12173d70c3d74736c804c126127e05 (diff)
download	php-git-a2e5235b927deedc1decdf655c8283b19adc9069.tar.gz