Commit 93b38c5f authored by reggie@mdk10.(none)'s avatar reggie@mdk10.(none)

Bug #9148 Denial of Service


my_access.c:
  Fixed problem where in some cases check_if_legal_filename was returning 0 for illegal names
parent 26dc9492
...@@ -93,18 +93,20 @@ int check_if_legal_filename(const char *path) ...@@ -93,18 +93,20 @@ int check_if_legal_filename(const char *path)
path+= dirname_length(path); /* To start of filename */ path+= dirname_length(path); /* To start of filename */
if (!(end= strchr(path, FN_EXTCHAR))) if (!(end= strchr(path, FN_EXTCHAR)))
end= strend(path); end= strend(path);
if (path == end || (uint) (path - end) > MAX_RESERVED_NAME_LENGTH) if (path == end || (uint) (end - path) > MAX_RESERVED_NAME_LENGTH)
DBUG_RETURN(0); /* Simplify inner loop */ DBUG_RETURN(0); /* Simplify inner loop */
for (reserved_name= reserved_names; *reserved_name; reserved_name++) for (reserved_name= reserved_names; *reserved_name; reserved_name++)
{ {
const char *name= path; const char *name= path;
while (name != end) const char *current_reserved_name= *reserved_name;
while (name != end && *current_reserved_name)
{ {
if (my_toupper(&my_charset_latin1, *path) != if (*current_reserved_name != my_toupper(&my_charset_latin1, *name))
my_toupper(&my_charset_latin1, *name))
break; break;
if (name++ == end) current_reserved_name++;
if (++name == end)
DBUG_RETURN(1); /* Found wrong path */ DBUG_RETURN(1); /* Found wrong path */
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment