• Marcin Babij's avatar
    BUG#18779944: MYSQLDUMP BUFFER OVERFLOW · 220c9332
    Marcin Babij authored
    Mysqldump overflows stack buffer when copying table name from commandline arguments resulting in stack corruption and ability to execute arbitrary code.
    
    Fix: Check length of all positional arguments passed to mysqldump is smaller than NAME_LEN.
    Note: Mysqldump heavily depends on that database objects (databases, tablespaces, tables, etc) are limited to small size (now it is 64).
    220c9332
mysqldump.c 171 KB