FIXED POTENTIAL BUFFER OVERFLOW IN STRING PARSING CODE.

This commit is contained in:
Lasse Karstensen 2004-11-16 20:59:42 +00:00
parent 33ffd2c485
commit a15aa0f87a

View File

@ -1,5 +1,5 @@
/*
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.8 2003-04-07 16:21:50 lkarsten Exp $
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.9 2004-11-16 20:59:42 lkarsten Exp $
*
* mysql-useradm.c
*
@ -220,7 +220,6 @@ list(MYSQL *pmysql)
return userlist;
}
int
main(int argc, char *argv[])
{
@ -228,6 +227,7 @@ main(int argc, char *argv[])
enum { c_create, c_delete, c_passwd, c_show } command;
MYSQL mysql;
char **dblist, **p;
char *user;
program_name = argv[0];
@ -285,31 +285,32 @@ main(int argc, char *argv[])
}
free(dblist);
}
else
{
/* for each supplied database name, perform the requested action */
for (i = 2; i < argc; i++)
{
if (! (owner(argv[i]) || member(argv[i])))
else {
user = malloc(64);
/* for each supplied database name, perform the requested action */
for (i = 2; i < argc; i++) {
strncpy(user, argv[i], 32);
user[33] = '\0';
if (! (owner(user) || member(user)))
{
dberror(NULL, "You are not the owner of '%s'. Skipping.",
argv[i]);
dberror(NULL, "You are not the owner of '%s'. Skipping.", user);
continue;
}
switch (command)
{
case c_create:
create(&mysql, argv[i]);
create(&mysql, user);
break;
case c_delete:
delete(&mysql, argv[i]);
delete(&mysql, user);
break;
case c_passwd:
passwd(&mysql, argv[i]);
passwd(&mysql, user);
break;
case c_show:
show(&mysql, argv[i]);
show(&mysql, user);
break;
default:
fprintf(stderr, "This point should never be reached.\n");