File mysql-5.0.67-CVE-2010-1850.patch of Package mysql

Index: sql/sql_parse.cc
===================================================================
--- sql/sql_parse.cc.orig
+++ sql/sql_parse.cc
@@ -1961,8 +1961,16 @@ bool dispatch_command(enum enum_server_c
     if (thd->copy_db_to(&table_list.db, &table_list.db_length))
       break;
     pend= strend(packet);
+    uint arg_length= pend - packet;
+
+    /* Check given table name length. */
+    if (arg_length >= packet_length || arg_length > NAME_LEN)
+    {
+      my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
+      break;
+    }
     thd->convert_string(&conv_name, system_charset_info,
-			packet, (uint) (pend-packet), thd->charset());
+			packet, arg_length, thd->charset());
     if (check_table_name (conv_name.str, conv_name.length))
     {
       /* this is OK due to convert_string() null-terminating the string */
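Review bot: The new length check runs only after `pend= strend(packet)` has already scanned for a terminator, so the scan itself is not bounded by `packet_length`. It stays in bounds only if the buffer is guaranteed to carry a NUL at or beyond the packet end, which this hunk does not show. Say so in the comment, for example `/* packet is NUL-terminated by the net layer (confirm); reject a name that runs to the end of the packet or exceeds NAME_LEN */`, or bound the scan by `packet_length` directly. The limit is applied to the byte length in the client character set before `convert_string()`, so the converted length presumably still depends on `check_table_name()` for its own bound. The explicit cast the old code had is also dropped; `uint arg_length= (uint) (pend - packet);` keeps the narrowing visible. The body of `dispatch_command` continues outside the hunk.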