fjernet heng ved forsøk på drop av ikke-eksisterende databaser.

fjernet heng ved forsøk på create av eksisterende databaser.
fjernet mulighet for buffer overflows i databasenavnet.
This commit is contained in:
Lasse Karstensen 2004-11-16 20:56:51 +00:00
parent 05db606260
commit bcf7ceab37
1 changed files with 41 additions and 23 deletions

View File

@ -1,5 +1,5 @@
/* /*
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.11 2003-04-08 18:31:53 lkarsten Exp $ * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.12 2004-11-16 20:56:51 lkarsten Exp $
* *
* mysql-dbadm.c * mysql-dbadm.c
* *
@ -87,9 +87,19 @@ usage()
int int
create(MYSQL *pmysql, char *db) create(MYSQL *pmysql, char *db)
{ {
if (mysql_create_db(pmysql, db)) // hvis man forsøker å dra mysql_create_db() på en database som
return dberror(pmysql, "Cannot create database '%s'.", db); // allerede finnes, så henger bare hele sql-kallet. Vi må derfor
// forsøke å selecte databasen først. Ettersom man alltid er root,
// går jo dette vanligvis bra.
// finner ut om denne finnes fra før.
if (!mysql_select_db(pmysql, db)) {
return dberror(pmysql, "Database '%s' already exists.", db);
}
mysql_select_db(pmysql, "mysql");
// oppretter databasen.
if (mysql_create_db(pmysql, db)) {
return dberror(pmysql, "Cannot create database '%s'.", db);
}
fprintf(stderr, "Database '%s' created.\n", db); fprintf(stderr, "Database '%s' created.\n", db);
return 0; return 0;
} }
@ -104,6 +114,12 @@ drop(MYSQL *pmysql, char *db)
if (mysql_query(pmysql, query)) if (mysql_query(pmysql, query))
dberror(pmysql, "Failed to delete permissions for database '%s'.", db); dberror(pmysql, "Failed to delete permissions for database '%s'.", db);
if (mysql_select_db(pmysql, db)) {
dberror(pmysql, "Database '%s' doesn't exists.", db);
return 0;
}
mysql_select_db(pmysql, "mysql");
if (mysql_drop_db(pmysql, db)) if (mysql_drop_db(pmysql, db))
return dberror(pmysql, "Cannot drop database '%s'.", db); return dberror(pmysql, "Cannot drop database '%s'.", db);
@ -406,6 +422,7 @@ main(int argc, char *argv[])
enum { c_create, c_drop, c_editperm, c_show } command; enum { c_create, c_drop, c_editperm, c_show } command;
MYSQL mysql; MYSQL mysql;
char **dblist, **p; char **dblist, **p;
char *db;
program_name = argv[0]; program_name = argv[0];
@ -464,37 +481,38 @@ main(int argc, char *argv[])
} }
free(dblist); free(dblist);
} }
else else {
{ db = malloc(64);
/* for each supplied database name, perform the requested action */ /* for each supplied database name, perform the requested action */
for (i = 2; i < argc; i++) for (i = 2; i < argc; i++) {
{ // HE HE
if (! (owner(argv[i]) || member(argv[i]))) strncpy(db, argv[i], 32);
{ db[33] = '\0';
dberror(NULL, "You are not the owner of '%s'. Skipping.",
argv[i]);
continue;
}
switch (command) if (! (owner(db) || member(db))) {
{ dberror(NULL, "You are not the owner of '%s'. Skipping.",
db);
continue;
}
switch (command) {
case c_create: case c_create:
create(&mysql, argv[i]); create(&mysql, db);
break; break;
case c_drop: case c_drop:
drop(&mysql, argv[i]); drop(&mysql, db);
break; break;
case c_editperm: case c_editperm:
editperm(&mysql, argv[i]); editperm(&mysql, db);
break; break;
case c_show: case c_show:
show(&mysql, argv[i]); show(&mysql, db);
break; break;
default: default:
return dberror(NULL, "This point should never be reached!"); return dberror(NULL, "This point should never be reached!");
} }
} } // for
} } // else
mysql_reload(&mysql); mysql_reload(&mysql);
mysql_close(&mysql); mysql_close(&mysql);