1 file changed +27 -0 lines changed
@@ -1242,6 +1242,9 @@ char *get_56_lenc_string(char **buffer,
1242
1242
{
1243
1243
static char empty_string[1 ]= { ' \0 ' };
1244
1244
char *begin= *buffer;
1245
+ uchar *pos= (uchar *)begin;
1246
+ size_t required_length= 9 ;
1247
+
1245
1248
1246
1249
if (*max_bytes_available == 0 )
1247
1250
return NULL ;
@@ -1262,13 +1265,37 @@ char *get_56_lenc_string(char **buffer,
1262
1265
return empty_string;
1263
1266
}
1264
1267
1268
+ /* Make sure we have enough bytes available for net_field_length_ll */
1269
+ DBUG_EXECUTE_IF (" buffer_too_short_3" ,
1270
+ *pos= 252 ; *max_bytes_available= 2 ;
1271
+ );
1272
+ DBUG_EXECUTE_IF (" buffer_too_short_4" ,
1273
+ *pos= 253 ; *max_bytes_available= 3 ;
1274
+ );
1275
+ DBUG_EXECUTE_IF (" buffer_too_short_9" ,
1276
+ *pos= 254 ; *max_bytes_available= 8 ;
1277
+ );
1278
+
1279
+ if (*pos <= 251 )
1280
+ required_length= 1 ;
1281
+ if (*pos == 252 )
1282
+ required_length= 3 ;
1283
+ if (*pos == 253 )
1284
+ required_length= 4 ;
1285
+
1286
+ if (*max_bytes_available < required_length)
1287
+ return NULL ;
1288
+
1265
1289
*string_length= (size_t )net_field_length_ll ((uchar **)buffer);
1266
1290
1267
1291
DBUG_EXECUTE_IF (" sha256_password_scramble_too_long" ,
1268
1292
*string_length= SIZE_T_MAX;
1269
1293
);
1270
1294
1271
1295
size_t len_len= (size_t )(*buffer - begin);
1296
+
1297
+ DBUG_ASSERT ((*max_bytes_available >= len_len) &&
1298
+ (len_len == required_length));
1272
1299
1273
1300
if (*string_length > *max_bytes_available - len_len)
1274
1301
return NULL ;
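Review bot: The only thing tying `required_length` to what `net_field_length_ll()` actually consumed is the `DBUG_ASSERT` placed after `len_len` is computed, and that is compiled out of non-debug builds, so the unsigned subtraction in `*max_bytes_available - len_len` relies on the hand-copied 251/252/253 prefix table staying in sync with the decoder. The length prefix appears to come from the buffer being parsed, so I would enforce the invariant at run time too, e.g. `if (len_len > *max_bytes_available || *string_length > *max_bytes_available - len_len) return NULL;`. The three prefix tests would read better as an `else if` chain under a comment such as `/* 1 prefix byte plus 0, 2, 3 or 8 length bytes, matching net_field_length_ll */`, which also explains the default of 9. The body of `get_56_lenc_string` starts and ends outside the visible hunks, so earlier checks on `*buffer` cannot be confirmed from here.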