FIXED POTENTIAL BUFFER OVERFLOW IN STRING PARSING CODE.
This commit is contained in:
parent
33ffd2c485
commit
a15aa0f87a
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.8 2003-04-07 16:21:50 lkarsten Exp $
|
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.9 2004-11-16 20:59:42 lkarsten Exp $
|
||||||
*
|
*
|
||||||
* mysql-useradm.c
|
* mysql-useradm.c
|
||||||
*
|
*
|
||||||
|
@ -220,7 +220,6 @@ list(MYSQL *pmysql)
|
||||||
return userlist;
|
return userlist;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
main(int argc, char *argv[])
|
main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
|
@ -228,6 +227,7 @@ main(int argc, char *argv[])
|
||||||
enum { c_create, c_delete, c_passwd, c_show } command;
|
enum { c_create, c_delete, c_passwd, c_show } command;
|
||||||
MYSQL mysql;
|
MYSQL mysql;
|
||||||
char **dblist, **p;
|
char **dblist, **p;
|
||||||
|
char *user;
|
||||||
|
|
||||||
program_name = argv[0];
|
program_name = argv[0];
|
||||||
|
|
||||||
|
@ -285,31 +285,32 @@ main(int argc, char *argv[])
|
||||||
}
|
}
|
||||||
free(dblist);
|
free(dblist);
|
||||||
}
|
}
|
||||||
else
|
else {
|
||||||
{
|
user = malloc(64);
|
||||||
/* for each supplied database name, perform the requested action */
|
/* for each supplied database name, perform the requested action */
|
||||||
for (i = 2; i < argc; i++)
|
|
||||||
{
|
for (i = 2; i < argc; i++) {
|
||||||
if (! (owner(argv[i]) || member(argv[i])))
|
strncpy(user, argv[i], 32);
|
||||||
|
user[33] = '\0';
|
||||||
|
if (! (owner(user) || member(user)))
|
||||||
{
|
{
|
||||||
dberror(NULL, "You are not the owner of '%s'. Skipping.",
|
dberror(NULL, "You are not the owner of '%s'. Skipping.", user);
|
||||||
argv[i]);
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (command)
|
switch (command)
|
||||||
{
|
{
|
||||||
case c_create:
|
case c_create:
|
||||||
create(&mysql, argv[i]);
|
create(&mysql, user);
|
||||||
break;
|
break;
|
||||||
case c_delete:
|
case c_delete:
|
||||||
delete(&mysql, argv[i]);
|
delete(&mysql, user);
|
||||||
break;
|
break;
|
||||||
case c_passwd:
|
case c_passwd:
|
||||||
passwd(&mysql, argv[i]);
|
passwd(&mysql, user);
|
||||||
break;
|
break;
|
||||||
case c_show:
|
case c_show:
|
||||||
show(&mysql, argv[i]);
|
show(&mysql, user);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
fprintf(stderr, "This point should never be reached.\n");
|
fprintf(stderr, "This point should never be reached.\n");
|
||||||
|
|
Loading…
Reference in New Issue