Fix read of uninitialized memory when DNS lookup fails

If the DNS lookup fails, the destination string buffer is used as-is and thus it needs to be initialized to an empty string.
2017-10-04 00:45:05 +03:00 · 2017-10-04 00:45:05 +03:00 · 617abd0d52
commit 617abd0d52
parent 9280f1a5d7
1 changed files with 1 additions and 1 deletions
--- a/server/modules/authenticator/MySQLAuth/dbusers.c
+++ b/server/modules/authenticator/MySQLAuth/dbusers.c
@ -230,7 +230,7 @@ int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
         * Try authentication with the hostname instead of the IP. We do this only
         * as a last resort so we avoid the high cost of the DNS lookup.
         */
-        char client_hostname[MYSQL_HOST_MAXLEN];
+        char client_hostname[MYSQL_HOST_MAXLEN] = "";
        get_hostname(dcb, client_hostname, sizeof(client_hostname) - 1);

        sprintf(sql, mysqlauth_validate_user_query, session->user, client_hostname,