Commit fdadfe51 authored by unknown's avatar unknown

Replace all sprintf() calls with my_snprintf() in client.c. All of the

format strings (in all languages) already included field limits on the
specifiers, so this is just protection against future mistakes. (Bug #7556)


sql-common/client.c:
  Replace all sprintf() calls with my_snprintf()
parent 0c57a67c
...@@ -321,7 +321,8 @@ HANDLE create_named_pipe(NET *net, uint connect_timeout, char **arg_host, ...@@ -321,7 +321,8 @@ HANDLE create_named_pipe(NET *net, uint connect_timeout, char **arg_host,
{ {
net->last_errno=CR_NAMEDPIPEOPEN_ERROR; net->last_errno=CR_NAMEDPIPEOPEN_ERROR;
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
sprintf(net->last_error,ER(net->last_errno),host, unix_socket, my_snprintf(net->last_error, sizeof(net->last_error)-1,
ER(net->last_errno), host, unix_socket,
(ulong) GetLastError()); (ulong) GetLastError());
return INVALID_HANDLE_VALUE; return INVALID_HANDLE_VALUE;
} }
...@@ -330,7 +331,8 @@ HANDLE create_named_pipe(NET *net, uint connect_timeout, char **arg_host, ...@@ -330,7 +331,8 @@ HANDLE create_named_pipe(NET *net, uint connect_timeout, char **arg_host,
{ {
net->last_errno=CR_NAMEDPIPEWAIT_ERROR; net->last_errno=CR_NAMEDPIPEWAIT_ERROR;
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
sprintf(net->last_error,ER(net->last_errno),host, unix_socket, my_snprintf(net->last_error, sizeof(net->last_error)-1,
ER(net->last_errno), host, unix_socket,
(ulong) GetLastError()); (ulong) GetLastError());
return INVALID_HANDLE_VALUE; return INVALID_HANDLE_VALUE;
} }
...@@ -339,7 +341,8 @@ HANDLE create_named_pipe(NET *net, uint connect_timeout, char **arg_host, ...@@ -339,7 +341,8 @@ HANDLE create_named_pipe(NET *net, uint connect_timeout, char **arg_host,
{ {
net->last_errno=CR_NAMEDPIPEOPEN_ERROR; net->last_errno=CR_NAMEDPIPEOPEN_ERROR;
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
sprintf(net->last_error,ER(net->last_errno),host, unix_socket, my_snprintf(net->last_error, sizeof(net->last_error)-1,
ER(net->last_errno), host, unix_socket,
(ulong) GetLastError()); (ulong) GetLastError());
return INVALID_HANDLE_VALUE; return INVALID_HANDLE_VALUE;
} }
...@@ -349,7 +352,8 @@ HANDLE create_named_pipe(NET *net, uint connect_timeout, char **arg_host, ...@@ -349,7 +352,8 @@ HANDLE create_named_pipe(NET *net, uint connect_timeout, char **arg_host,
CloseHandle( hPipe ); CloseHandle( hPipe );
net->last_errno=CR_NAMEDPIPESETSTATE_ERROR; net->last_errno=CR_NAMEDPIPESETSTATE_ERROR;
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
sprintf(net->last_error,ER(net->last_errno),host, unix_socket, my_snprintf(net->last_error, sizeof(net->last_error)-1,
ER(net->last_errno),host, unix_socket,
(ulong) GetLastError()); (ulong) GetLastError());
return INVALID_HANDLE_VALUE; return INVALID_HANDLE_VALUE;
} }
...@@ -563,9 +567,11 @@ HANDLE create_shared_memory(MYSQL *mysql,NET *net, uint connect_timeout) ...@@ -563,9 +567,11 @@ HANDLE create_shared_memory(MYSQL *mysql,NET *net, uint connect_timeout)
net->last_errno=error_allow; net->last_errno=error_allow;
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
if (error_allow == CR_SHARED_MEMORY_EVENT_ERROR) if (error_allow == CR_SHARED_MEMORY_EVENT_ERROR)
sprintf(net->last_error,ER(net->last_errno),suffix_pos,error_code); my_snprintf(net->last_error,sizeof(net->last_error)-1,
ER(net->last_errno),suffix_pos,error_code);
else else
sprintf(net->last_error,ER(net->last_errno),error_code); my_snprintf(net->last_error,sizeof(net->last_error)-1,
ER(net->last_errno),error_code);
return(INVALID_HANDLE_VALUE); return(INVALID_HANDLE_VALUE);
} }
return(handle_map); return(handle_map);
...@@ -794,7 +800,8 @@ static int check_license(MYSQL *mysql) ...@@ -794,7 +800,8 @@ static int check_license(MYSQL *mysql)
if (net->last_errno == ER_UNKNOWN_SYSTEM_VARIABLE) if (net->last_errno == ER_UNKNOWN_SYSTEM_VARIABLE)
{ {
net->last_errno= CR_WRONG_LICENSE; net->last_errno= CR_WRONG_LICENSE;
sprintf(net->last_error, ER(net->last_errno), required_license); my_snprintf(net->last_error, sizeof(net->last_error)-1,
ER(net->last_errno), required_license);
} }
return 1; return 1;
} }
...@@ -811,7 +818,8 @@ static int check_license(MYSQL *mysql) ...@@ -811,7 +818,8 @@ static int check_license(MYSQL *mysql)
strncmp(row[0], required_license, sizeof(required_license)))) strncmp(row[0], required_license, sizeof(required_license))))
{ {
net->last_errno= CR_WRONG_LICENSE; net->last_errno= CR_WRONG_LICENSE;
sprintf(net->last_error, ER(net->last_errno), required_license); my_snprintf(net->last_error, sizeof(net->last_error)-1,
ER(net->last_errno), required_license);
} }
mysql_free_result(res); mysql_free_result(res);
return net->last_errno; return net->last_errno;
...@@ -1628,7 +1636,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1628,7 +1636,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
sock=0; sock=0;
unix_socket = 0; unix_socket = 0;
host=mysql->options.shared_memory_base_name; host=mysql->options.shared_memory_base_name;
sprintf(host_info=buff, ER(CR_SHARED_MEMORY_CONNECTION), host); my_snprintf(host_info=buff, sizeof(buff)-1,
ER(CR_SHARED_MEMORY_CONNECTION), host);
} }
} }
#endif /* HAVE_SMEM */ #endif /* HAVE_SMEM */
...@@ -1648,7 +1657,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1648,7 +1657,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
{ {
net->last_errno=CR_SOCKET_CREATE_ERROR; net->last_errno=CR_SOCKET_CREATE_ERROR;
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
sprintf(net->last_error,ER(net->last_errno),socket_errno); my_snprintf(net->last_error,sizeof(net->last_error)-1,
ER(net->last_errno),socket_errno);
goto error; goto error;
} }
net->vio = vio_new(sock, VIO_TYPE_SOCKET, TRUE); net->vio = vio_new(sock, VIO_TYPE_SOCKET, TRUE);
...@@ -1662,7 +1672,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1662,7 +1672,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
socket_errno)); socket_errno));
net->last_errno=CR_CONNECTION_ERROR; net->last_errno=CR_CONNECTION_ERROR;
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
sprintf(net->last_error,ER(net->last_errno),unix_socket,socket_errno); my_snprintf(net->last_error,sizeof(net->last_error)-1,
ER(net->last_errno),unix_socket,socket_errno);
goto error; goto error;
} }
mysql->options.protocol=MYSQL_PROTOCOL_SOCKET; mysql->options.protocol=MYSQL_PROTOCOL_SOCKET;
...@@ -1692,7 +1703,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1692,7 +1703,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
else else
{ {
net->vio=vio_new_win32pipe(hPipe); net->vio=vio_new_win32pipe(hPipe);
sprintf(host_info=buff, ER(CR_NAMEDPIPE_CONNECTION), unix_socket); my_snprintf(host_info=buff, sizeof(buff)-1,
ER(CR_NAMEDPIPE_CONNECTION), unix_socket);
} }
} }
#endif #endif
...@@ -1705,7 +1717,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1705,7 +1717,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
port=mysql_port; port=mysql_port;
if (!host) if (!host)
host=LOCAL_HOST; host=LOCAL_HOST;
sprintf(host_info=buff,ER(CR_TCP_CONNECTION),host); my_snprintf(host_info=buff,sizeof(buff)-1,ER(CR_TCP_CONNECTION),host);
DBUG_PRINT("info",("Server name: '%s'. TCP sock: %d", host,port)); DBUG_PRINT("info",("Server name: '%s'. TCP sock: %d", host,port));
#ifdef MYSQL_SERVER #ifdef MYSQL_SERVER
thr_alarm_init(&alarmed); thr_alarm_init(&alarmed);
...@@ -1720,7 +1732,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1720,7 +1732,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
{ {
net->last_errno=CR_IPSOCK_ERROR; net->last_errno=CR_IPSOCK_ERROR;
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
sprintf(net->last_error,ER(net->last_errno),socket_errno); my_snprintf(net->last_error,sizeof(net->last_error)-1,
ER(net->last_errno),socket_errno);
goto error; goto error;
} }
net->vio = vio_new(sock,VIO_TYPE_TCPIP,FALSE); net->vio = vio_new(sock,VIO_TYPE_TCPIP,FALSE);
...@@ -1747,7 +1760,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1747,7 +1760,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
my_gethostbyname_r_free(); my_gethostbyname_r_free();
net->last_errno=CR_UNKNOWN_HOST; net->last_errno=CR_UNKNOWN_HOST;
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
sprintf(net->last_error, ER(CR_UNKNOWN_HOST), host, tmp_errno); my_snprintf(net->last_error, sizeof(net->last_error)-1,
ER(CR_UNKNOWN_HOST), host, tmp_errno);
goto error; goto error;
} }
memcpy(&sock_addr.sin_addr, hp->h_addr, memcpy(&sock_addr.sin_addr, hp->h_addr,
...@@ -1762,7 +1776,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1762,7 +1776,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
host)); host));
net->last_errno= CR_CONN_HOST_ERROR; net->last_errno= CR_CONN_HOST_ERROR;
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
sprintf(net->last_error ,ER(CR_CONN_HOST_ERROR), host, socket_errno); my_snprintf(net->last_error, sizeof(net->last_error)-1,
ER(CR_CONN_HOST_ERROR), host, socket_errno);
goto error; goto error;
} }
} }
...@@ -1815,7 +1830,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -1815,7 +1830,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
{ {
strmov(net->sqlstate, unknown_sqlstate); strmov(net->sqlstate, unknown_sqlstate);
net->last_errno= CR_VERSION_ERROR; net->last_errno= CR_VERSION_ERROR;
sprintf(net->last_error, ER(CR_VERSION_ERROR), mysql->protocol_version, my_snprintf(net->last_error, sizeof(net->last_error)-1,
ER(CR_VERSION_ERROR), mysql->protocol_version,
PROTOCOL_VERSION); PROTOCOL_VERSION);
goto error; goto error;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment