From a15aa0f87a1391a018a37ad56f34224133db9d11 Mon Sep 17 00:00:00 2001 From: Lasse Karstensen Date: Tue, 16 Nov 2004 20:59:42 +0000 Subject: [PATCH] FIXED POTENTIAL BUFFER OVERFLOW IN STRING PARSING CODE. --- mysql-useradm.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/mysql-useradm.c b/mysql-useradm.c index 48b6cc4..c0ba4f7 100644 --- a/mysql-useradm.c +++ b/mysql-useradm.c @@ -1,5 +1,5 @@ /* - * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.8 2003-04-07 16:21:50 lkarsten Exp $ + * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.9 2004-11-16 20:59:42 lkarsten Exp $ * * mysql-useradm.c * @@ -220,7 +220,6 @@ list(MYSQL *pmysql) return userlist; } - int main(int argc, char *argv[]) { @@ -228,6 +227,7 @@ main(int argc, char *argv[]) enum { c_create, c_delete, c_passwd, c_show } command; MYSQL mysql; char **dblist, **p; + char *user; program_name = argv[0]; @@ -285,31 +285,32 @@ main(int argc, char *argv[]) } free(dblist); } - else - { - /* for each supplied database name, perform the requested action */ - for (i = 2; i < argc; i++) - { - if (! (owner(argv[i]) || member(argv[i]))) + else { + user = malloc(64); + /* for each supplied database name, perform the requested action */ + + for (i = 2; i < argc; i++) { + strncpy(user, argv[i], 32); + user[33] = '\0'; + if (! (owner(user) || member(user))) { - dberror(NULL, "You are not the owner of '%s'. Skipping.", - argv[i]); + dberror(NULL, "You are not the owner of '%s'. Skipping.", user); continue; } switch (command) { case c_create: - create(&mysql, argv[i]); + create(&mysql, user); break; case c_delete: - delete(&mysql, argv[i]); + delete(&mysql, user); break; case c_passwd: - passwd(&mysql, argv[i]); + passwd(&mysql, user); break; case c_show: - show(&mysql, argv[i]); + show(&mysql, user); break; default: fprintf(stderr, "This point should never be reached.\n");