MXS-1628: Fix default database extraction

The default database was not extracted correctly as the length of the user's name did not include the null terminator. Also the comparison for database name length used the smaller than operator instead of the correct larger than operator.
2018-05-15 11:11:22 +03:00 · 2018-05-15 11:11:22 +03:00 · 3e0a0988f0
commit 3e0a0988f0
parent 4e6184c894
1 changed files with 20 additions and 14 deletions
--- a/server/modules/protocol/MySQL/MySQLClient/mysql_client.c
+++ b/server/modules/protocol/MySQL/MySQLClient/mysql_client.c
@ -601,24 +601,30 @@ static void store_client_information(DCB *dcb, GWBUF *buffer)
        const char* username = (const char*)data + MYSQL_AUTH_PACKET_BASE_SIZE;
        int userlen = get_zstr_len(username, len - MYSQL_AUTH_PACKET_BASE_SIZE);

-        if (userlen != -1 && (int)sizeof(ses->user) > userlen)
+        if (userlen != -1)
        {
-            strcpy(ses->user, username);
-        }
-
-        if (proto->client_capabilities & GW_MYSQL_CAPABILITIES_CONNECT_WITH_DB)
-        {
-            /** Client is connecting with a default database */
-            uint8_t authlen = data[MYSQL_AUTH_PACKET_BASE_SIZE + userlen];
-            size_t dboffset = MYSQL_AUTH_PACKET_BASE_SIZE + userlen + authlen + 1;
-
-            if (dboffset < len)
+            if ((int)sizeof(ses->user) > userlen)
            {
-                int dblen = get_zstr_len((const char*)data + dboffset, len - dboffset);
+                strcpy(ses->user, username);
+            }

-                if (dblen != -1 && (int)sizeof(ses->db) < dblen)
+            // Include the null terminator in the user length
+            userlen++;
+
+            if (proto->client_capabilities & GW_MYSQL_CAPABILITIES_CONNECT_WITH_DB)
+            {
+                /** Client is connecting with a default database */
+                uint8_t authlen = data[MYSQL_AUTH_PACKET_BASE_SIZE + userlen];
+                size_t dboffset = MYSQL_AUTH_PACKET_BASE_SIZE + userlen + authlen + 1;
+
+                if (dboffset < len)
                {
-                    strcpy(ses->db, (const char*)data + dboffset);
+                    int dblen = get_zstr_len((const char*)data + dboffset, len - dboffset);
+
+                    if (dblen != -1 && (int)sizeof(ses->db) > dblen)
+                    {
+                        strcpy(ses->db, (const char*)data + dboffset);
+                    }
                }
            }
        }