From 3e0a0988f0428cd63b04761787f00472738ad4c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Tue, 15 May 2018 11:11:22 +0300
Subject: [PATCH] MXS-1628: Fix default database extraction

The default database was not extracted correctly as the length of the user's name did not include the null terminator. Also the comparison for database name length used the smaller than operator instead of the correct larger than operator.
---
 .../protocol/MySQL/MySQLClient/mysql_client.c | 34 +++++++++++-------
 1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/server/modules/protocol/MySQL/MySQLClient/mysql_client.c b/server/modules/protocol/MySQL/MySQLClient/mysql_client.c
index 3ce99b8e8..10fb7e88a 100644
--- a/server/modules/protocol/MySQL/MySQLClient/mysql_client.c
+++ b/server/modules/protocol/MySQL/MySQLClient/mysql_client.c
@@ -601,24 +601,30 @@ static void store_client_information(DCB *dcb, GWBUF *buffer)
 const char* username = (const char*)data + MYSQL_AUTH_PACKET_BASE_SIZE;
 int userlen = get_zstr_len(username, len - MYSQL_AUTH_PACKET_BASE_SIZE);
- if (userlen != -1 && (int)sizeof(ses->user) > userlen)
+ if (userlen != -1)
 {
- strcpy(ses->user, username);
- }
-
- if (proto->client_capabilities & GW_MYSQL_CAPABILITIES_CONNECT_WITH_DB)
- {
- /** Client is connecting with a default database */
- uint8_t authlen = data[MYSQL_AUTH_PACKET_BASE_SIZE + userlen];
- size_t dboffset = MYSQL_AUTH_PACKET_BASE_SIZE + userlen + authlen + 1;
-
- if (dboffset < len)
+ if ((int)sizeof(ses->user) > userlen)
 {
- int dblen = get_zstr_len((const char*)data + dboffset, len - dboffset);
+ strcpy(ses->user, username);
+ }
- if (dblen != -1 && (int)sizeof(ses->db) < dblen)
+ // Include the null terminator in the user length
+ userlen++;
+
+ if (proto->client_capabilities & GW_MYSQL_CAPABILITIES_CONNECT_WITH_DB)
+ {
+ /** Client is connecting with a default database */
+ uint8_t authlen = data[MYSQL_AUTH_PACKET_BASE_SIZE + userlen];
+ size_t dboffset = MYSQL_AUTH_PACKET_BASE_SIZE + userlen + authlen + 1;
+
+ if (dboffset < len)
 {
- strcpy(ses->db, (const char*)data + dboffset);
+ int dblen = get_zstr_len((const char*)data + dboffset, len - dboffset);
+
+ if (dblen != -1 && (int)sizeof(ses->db) > dblen)
+ {
+ strcpy(ses->db, (const char*)data + dboffset);
+ }
 }
 }
 }
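Review bot: The new `uint8_t authlen = data[MYSQL_AUTH_PACKET_BASE_SIZE + userlen];` indexes the client-supplied packet before anything compares that offset with `len`; only `dboffset` is checked, and only afterwards. Assuming get_zstr_len() returns the length without the terminator and -1 when no terminator is found (its body is not in the hunk), a handshake response whose user-name terminator is the final byte puts the index at `len` once `userlen++` has run, which is a one-byte read past the packet data in code that runs before authentication. Guarding the branch closes it, e.g. `if ((proto->client_capabilities & GW_MYSQL_CAPABILITIES_CONNECT_WITH_DB) && (size_t)(MYSQL_AUTH_PACKET_BASE_SIZE + userlen) < len)`. store_client_information() begins and ends outside the hunk, so the declarations of `data` and `len` should be checked to confirm the types used in that comparison.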