[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/mysqlnd/mysqlnd.c trunk/ext/mysqlnd/mysqlnd.c

Mon, 06 Dec 2010 05:51:11 -0800 

andrey                                   Mon, 06 Dec 2010 13:50:51 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=306008

Log:
don't crash if the API is used incorrectly

Changed paths:
    U   php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c
    U   php/php-src/trunk/ext/mysqlnd/mysqlnd.c

Modified: php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c  2010-12-06 13:12:16 UTC 
(rev 306007)
+++ php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c  2010-12-06 13:50:51 UTC 
(rev 306008)
@@ -1971,15 +1971,19 @@
                }
        }
        if (ret == PASS) {
+               char * tmp = NULL;
+               /* if we get conn->user as parameter and then we first free it, 
then estrndup it, we will crash */
+               tmp = mnd_pestrndup(user, user_len, conn->persistent);
                if (conn->user) {
                        mnd_pefree(conn->user, conn->persistent);
                }
-               conn->user = mnd_pestrndup(user, user_len, conn->persistent);
+               conn->user = tmp;

+               tmp = mnd_pestrdup(passwd, conn->persistent);
                if (conn->passwd) {
                        mnd_pefree(conn->passwd, conn->persistent);
                }
-               conn->passwd = mnd_pestrdup(passwd, conn->persistent);
+               conn->passwd = tmp;

                if (conn->last_message) {
                        mnd_pefree(conn->last_message, conn->persistent);

Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd.c
===================================================================
--- php/php-src/trunk/ext/mysqlnd/mysqlnd.c     2010-12-06 13:12:16 UTC (rev 
306007)
+++ php/php-src/trunk/ext/mysqlnd/mysqlnd.c     2010-12-06 13:50:51 UTC (rev 
306008)
@@ -1994,15 +1994,19 @@
                }
        }
        if (ret == PASS) {
+               char * tmp = NULL;
+               /* if we get conn->user as parameter and then we first free it, 
then estrndup it, we will crash */
+               tmp = mnd_pestrndup(user, user_len, conn->persistent);
                if (conn->user) {
                        mnd_pefree(conn->user, conn->persistent);
                }
-               conn->user = mnd_pestrndup(user, user_len, conn->persistent);
+               conn->user = tmp;

+               tmp = mnd_pestrdup(passwd, conn->persistent);
                if (conn->passwd) {
                        mnd_pefree(conn->passwd, conn->persistent);
                }
-               conn->passwd = mnd_pestrdup(passwd, conn->persistent);
+               conn->passwd = tmp;

                if (conn->last_message) {
                        mnd_pefree(conn->last_message, conn->persistent);


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to