hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix read of uninitialized memory when DNS lookup fails

Browse Source 
If the DNS lookup fails, the destination string buffer is used as-is and
thus it needs to be initialized to an empty string.
This commit is contained in:
Markus Mäkelä
2017-10-04 00:45:05 +03:00
parent 9280f1a5d7
commit 617abd0d52
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/modules/authenticator/MySQLAuth/dbusers.c
View File

@ -230,7 +230,7 @@ int validate_mysql_user(MYSQL_AUTH* instance, DCB *dcb, MYSQL_session *session,
* Try authentication with the hostname instead of the IP. We do this only * Try authentication with the hostname instead of the IP. We do this only
* as a last resort so we avoid the high cost of the DNS lookup. * as a last resort so we avoid the high cost of the DNS lookup.
*/ */
char client_hostname[MYSQL_HOST_MAXLEN]; char client_hostname[MYSQL_HOST_MAXLEN] = "";
get_hostname(dcb, client_hostname, sizeof(client_hostname) - 1); get_hostname(dcb, client_hostname, sizeof(client_hostname) - 1);
sprintf(sql, mysqlauth_validate_user_query, session->user, client_hostname, sprintf(sql, mysqlauth_validate_user_query, session->user, client_hostname,