From a15aa0f87a1391a018a37ad56f34224133db9d11 Mon Sep 17 00:00:00 2001
From: Lasse Karstensen <lkarsten@ntnu.no>
Date: Tue, 16 Nov 2004 20:59:42 +0000
Subject: [PATCH] FIXED POTENTIAL BUFFER OVERFLOW IN STRING PARSING CODE.
---
mysql-useradm.c | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/mysql-useradm.c b/mysql-useradm.c
index 48b6cc4..c0ba4f7 100644
--- a/mysql-useradm.c
+++ b/mysql-useradm.c
@@ -1,5 +1,5 @@
/*
- * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.8 2003-04-07 16:21:50 lkarsten Exp $
+ * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.9 2004-11-16 20:59:42 lkarsten Exp $
*
* mysql-useradm.c
*
@@ -220,7 +220,6 @@ list(MYSQL *pmysql)
return userlist;
}
-
int
main(int argc, char *argv[])
{
@@ -228,6 +227,7 @@ main(int argc, char *argv[])
enum { c_create, c_delete, c_passwd, c_show } command;
MYSQL mysql;
char **dblist, **p;
+ char *user;
program_name = argv[0];
@@ -285,31 +285,32 @@ main(int argc, char *argv[])
}
free(dblist);
}
- else
- {
- /* for each supplied database name, perform the requested action */
- for (i = 2; i < argc; i++)
- {
- if (! (owner(argv[i]) || member(argv[i])))
+ else {
+ user = malloc(64);
+ /* for each supplied database name, perform the requested action */
+
+ for (i = 2; i < argc; i++) {
+ strncpy(user, argv[i], 32);
+ user[33] = '\0';
+ if (! (owner(user) || member(user)))
{
- dberror(NULL, "You are not the owner of '%s'. Skipping.",
- argv[i]);
+ dberror(NULL, "You are not the owner of '%s'. Skipping.", user);
continue;
}
switch (command)
{
case c_create:
- create(&mysql, argv[i]);
+ create(&mysql, user);
break;
case c_delete:
- delete(&mysql, argv[i]);
+ delete(&mysql, user);
break;
case c_passwd:
- passwd(&mysql, argv[i]);
+ passwd(&mysql, user);
break;
case c_show:
- show(&mysql, argv[i]);
+ show(&mysql, user);
break;
default:
fprintf(stderr, "This point should never be reached.\n");