khoih-prog/MySQL_MariaDB_Generic

malloc server_version result not correctly handled may lead to memory corruption

pabloandresm opened this issue · 1 comments

I suggest a change in the function "void MySQL_Packet::parse_handshake_packet()"

where it says:
    server_version = (char *) malloc(i - 5);
    strncpy(server_version, (char *) &buffer[5], i - 5);

by this:
    if (i > 5) {
        server_version = (char *) malloc(i - 5);
        if (server_version) {
            strncpy(server_version, (char *) &buffer[5], i - 5);
            server_version[i - 5 - 1] = 0;
        }
    }

This modification will verify a correct malloc(), and a correct \0 at the end of the strncpy(), which is not added by strncpy().

Close #20 via #21
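
The checks proposed in this issue, written as a stand-alone C helper. This is an added example, not code from the issue or from the library. It goes one step further than the suggestion by also bounding the terminator search to the number of bytes received. The names `copy_server_version`, `version_equals` and `buf_len`, and the sample packets, are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VERSION_OFFSET 5 /* the issue's code reads the version at &buffer[5] */

/* Hypothetical helper, not the library's API. Returns a heap copy of the
 * server version, or NULL if the packet is too short, no NUL terminator
 * lies inside the received bytes, or malloc() fails. Caller frees. */
char *copy_server_version(const unsigned char *buffer, size_t buf_len)
{
    if (buffer == NULL || buf_len <= VERSION_OFFSET)
        return NULL;
    const unsigned char *start = buffer + VERSION_OFFSET;
    /* Bounded search: never scan past what was actually received. */
    const unsigned char *nul = memchr(start, 0x00, buf_len - VERSION_OFFSET);
    if (nul == NULL)
        return NULL;
    size_t len = (size_t)(nul - start);
    char *version = malloc(len + 1);
    if (version == NULL)
        return NULL;
    memcpy(version, start, len);
    version[len] = '\0'; /* terminate explicitly instead of relying on strncpy */
    return version;
}

/* Returns 1 if the parsed version equals `expected`, 0 otherwise. */
int version_equals(const unsigned char *pkt, size_t len, const char *expected)
{
    char *v = copy_server_version(pkt, len);
    int same = (v != NULL) && strcmp(v, expected) == 0;
    free(v);
    return same;
}

/* Constructed packets: 4 header bytes, 1 protocol-version byte, version string. */
static const unsigned char pkt_ok[] = {0x0c, 0, 0, 0, 0x0a, '8', '.', '0', '.', '3', '6', 0x00, 0x2a};
static const unsigned char pkt_no_nul[] = {0x08, 0, 0, 0, 0x0a, '8', '.', '0'};

int main(void)
{
    printf("well-formed:  %d\n", version_equals(pkt_ok, sizeof pkt_ok, "8.0.36"));
    char *v = copy_server_version(pkt_no_nul, sizeof pkt_no_nul);
    printf("unterminated: %s\n", v ? v : "(rejected)");
    free(v);
    return 0;
}
```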