~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to libdrizzle-2.0/handshake.cc

  • Committer: Brian Aker
  • Date: 2011-11-18 02:03:41 UTC
  • mto: (2463.1.1 drizzle-include)
  • mto: This revision was merged to the branch mainline in revision 2462.
  • Revision ID: brian@tangent.org-20111118020341-mgz2m1kjo62al44e
Fix safety issues around calling API with no check for NULL

Show diffs side-by-side

added added

removed removed

Lines of Context:
401
401
  con->buffer_ptr+= 1;
402
402
 
403
403
  if (scramble_size == 0)
 
404
  {
404
405
    con->scramble= NULL;
 
406
  }
405
407
  else
406
408
  {
407
409
    if (scramble_size != DRIZZLE_MAX_SCRAMBLE_SIZE)
418
420
    con->buffer_ptr+= DRIZZLE_MAX_SCRAMBLE_SIZE;
419
421
  }
420
422
 
421
 
  /* Look for null-terminated db string. */
422
 
  if ((34 + strlen(con->user) + scramble_size) == con->packet_size)
423
 
    con->db[0]= 0;
 
423
  /* Look for null-terminated schema string. */
 
424
  if ((34 + strlen(con->user) +scramble_size) == con->packet_size)
 
425
  {
 
426
    con->schema[0]= 0;
 
427
  }
424
428
  else
425
429
  {
426
430
    ptr= (uint8_t *)memchr(con->buffer_ptr, 0, con->buffer_size -
428
432
    if (ptr == NULL)
429
433
    {
430
434
      drizzle_set_error(con->drizzle, "drizzle_state_handshake_client_read",
431
 
                        "db string not found");
 
435
                        "schema string not found");
432
436
      return DRIZZLE_RETURN_BAD_HANDSHAKE_PACKET;
433
437
    }
434
438
 
442
446
 
443
447
    if (con->buffer_ptr == ptr)
444
448
    {
445
 
      con->db[0]= 0;
 
449
      con->schema[0]= 0;
446
450
      con->buffer_ptr++;
447
451
    }
448
452
    else
449
453
    {
450
 
      strncpy(con->db, (char *)con->buffer_ptr, DRIZZLE_MAX_DB_SIZE);
451
 
      con->db[DRIZZLE_MAX_DB_SIZE - 1]= 0;
 
454
      strncpy(con->schema, (char *)con->buffer_ptr, DRIZZLE_MAX_DB_SIZE);
 
455
      con->schema[DRIZZLE_MAX_DB_SIZE - 1]= 0;
452
456
      con->buffer_ptr+= ((ptr - con->buffer_ptr) + 1);
453
457
    }
454
458
  }
471
475
{
472
476
  uint8_t *ptr;
473
477
  int capabilities;
474
 
  drizzle_return_t ret;
475
478
 
476
479
  drizzle_log_debug(con->drizzle, "drizzle_state_handshake_client_write");
477
480
 
483
486
                  + strlen(con->user) + 1
484
487
                  + 1   /* Scramble size */
485
488
                  + DRIZZLE_MAX_SCRAMBLE_SIZE
486
 
                  + strlen(con->db) + 1;
 
489
                  + strlen(con->schema) + 1;
487
490
 
488
491
  /* Assume the entire handshake packet will fit in the buffer. */
489
492
  if ((con->packet_size + 4) > DRIZZLE_MAX_BUFFER_SIZE)
501
504
  ptr+= 4;
502
505
 
503
506
  if (con->options & DRIZZLE_CON_MYSQL)
 
507
  {
504
508
    con->capabilities|= DRIZZLE_CAPABILITIES_PROTOCOL_41;
 
509
  }
505
510
 
506
511
  capabilities= con->capabilities & DRIZZLE_CAPABILITIES_CLIENT;
507
512
  if (!(con->options & DRIZZLE_CON_FOUND_ROWS))
523
528
  }
524
529
 
525
530
  capabilities&= ~(DRIZZLE_CAPABILITIES_COMPRESS | DRIZZLE_CAPABILITIES_SSL);
526
 
  if (con->db[0] == 0)
 
531
  if (con->schema[0] == 0)
 
532
  {
527
533
    capabilities&= ~DRIZZLE_CAPABILITIES_CONNECT_WITH_DB;
 
534
  }
528
535
 
529
536
  drizzle_set_byte4(ptr, capabilities);
530
537
  ptr+= 4;
538
545
  memset(ptr, 0, 23);
539
546
  ptr+= 23;
540
547
 
 
548
  drizzle_return_t ret;
541
549
  ptr= drizzle_pack_auth(con, ptr, &ret);
542
550
  if (ret != DRIZZLE_RETURN_OK)
 
551
  {
543
552
    return ret;
 
553
  }
544
554
 
545
555
  con->buffer_size+= (4 + con->packet_size);
546
556
 
562
572
 
563
573
drizzle_return_t drizzle_state_handshake_result_read(drizzle_con_st *con)
564
574
{
565
 
  drizzle_return_t ret;
566
575
  drizzle_result_st result;
567
576
 
568
577
  drizzle_log_debug(con->drizzle, "drizzle_state_handshake_result_read");
569
578
 
570
579
  if (drizzle_result_create(con, &result) == NULL)
 
580
  {
571
581
    return DRIZZLE_RETURN_MEMORY;
 
582
  }
572
583
 
573
584
  con->result= &result;
574
585
 
575
 
  ret= drizzle_state_result_read(con);
 
586
  drizzle_return_t ret= drizzle_state_result_read(con);
576
587
  if (drizzle_state_none(con))
577
588
  {
578
589
    if (ret == DRIZZLE_RETURN_OK)
591
602
  drizzle_result_free(&result);
592
603
 
593
604
  if (ret == DRIZZLE_RETURN_ERROR_CODE)
 
605
  {
594
606
    return DRIZZLE_RETURN_HANDSHAKE_FAILED;
 
607
  }
595
608
 
596
609
  return ret;
597
610
}