• cmiller@zippy.cornsilk.net's avatar
    Bug #28984: crasher on connect with out of range password length in \ · 4584ac2c
    cmiller@zippy.cornsilk.net authored
    	protocol
    
    One could send a malformed packet that caused the server to SEGV.  In 
    recent versions of the password protocol, the client tells the server 
    what length the ciphertext is (almost always 20).  If that length was
    large enough to overflow a signed char, then the number would jump to 
    very large after being casted to unsigned int.
    
    Instead, cast the *passwd char to uchar. 
    4584ac2c
sql_parse.cc 172 KB