Alessandro Vesely writes:


* use mysql escape function also in a number of other places; the MySQL team took years to get it straight...

Well, I don't think they got it right. There's no bounds checking in mysql_real_escape_string! The documentation claims you just need to provide enough room at least twice as long as the string length, but then there are also some vague comments regarding the interaction of this function with the locale's character set, which leaves me with a somewhat uneasy feeling.

This is too dangerous, and opens the possibility of exploitable buffer overflow -- and it looks to me like your patch takes into account the additional buffer requirements, I don't see anything in the patch that allocates sufficient memory for the potentially escaped string.

This is much more tricky than it seems at first. It's possible to do this right, but it will require much more elbow grease.
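The sizing concern raised in this message, as an added example that is not part of the original message or of the patch under discussion: a wrapper that refuses to call an unbounded escape routine unless the destination holds the worst case of 2*len+1 bytes given in the MySQL documentation. `demo_escape`, `escape_buf_size`, `escape_into` and `escape_alloc` are hypothetical names, and `demo_escape` is a constructed stand-in for the real function so that the example builds without libmysqlclient.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the escape routine (assumption: like the real one,
   it does no bounds checking and may write up to 2*len+1 bytes, NUL included). */
static size_t demo_escape(char *to, const char *from, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        char c = from[i];
        if (c == '\\' || c == '\'' || c == '"') { to[n++] = '\\'; to[n++] = c; }
        else if (c == '\0') { to[n++] = '\\'; to[n++] = '0'; }
        else if (c == '\n') { to[n++] = '\\'; to[n++] = 'n'; }
        else if (c == '\r') { to[n++] = '\\'; to[n++] = 'r'; }
        else to[n++] = c;
    }
    to[n] = '\0';
    return n;
}

/* Worst-case destination size: 2*len+1. Returns -1 if that overflows size_t. */
int escape_buf_size(size_t len, size_t *need)
{
    if (len > (SIZE_MAX - 1) / 2) return -1;
    *need = 2 * len + 1;
    return 0;
}

/* Escape into a caller-supplied buffer. The check is made against the worst
   case before the call, because the escape routine itself cannot stop early. */
int escape_into(char *to, size_t to_size, const char *from, size_t len, size_t *out_len)
{
    size_t need;
    if (escape_buf_size(len, &need) != 0 || to_size < need) return -1;
    *out_len = demo_escape(to, from, len);
    return 0;
}

/* Heap variant: allocate the worst case; caller frees. NULL on failure. */
char *escape_alloc(const char *from, size_t len, size_t *out_len)
{
    size_t need;
    if (escape_buf_size(len, &need) != 0) return NULL;
    char *to = malloc(need);
    if (to != NULL) *out_len = demo_escape(to, from, len);
    return to;
}
```

`escape_into` deliberately rejects a buffer that is smaller than the worst case even when the actual escaped output would have fit, since that cannot be known before the unbounded call is made.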
