Commit d9400c8

Author: Marcin Babij
Bug #18636874 PASSWORD VALIDATE PLUGIN: DICTIONARY CHECK MISBEHAVES WITH GOOD HEX INPUT
Running PASSWORD on non-text can lead to memory access problems. This is due to std::string being constructed on the buffer, but it ignores the length of the buffer.
1 parent 087c2f0 commit d9400c8

1 file changed: +1 -1 lines changed

plugin/password_validation/validate_password.cc

@@ -227,7 +227,7 @@ static int validate_dictionary_check(mysql_string_handle password)
227227
mysql_string_free(lower_string_handle);
228228
int substr_pos= 0;
229229
int substr_length= length;
230-
string_type password_str= (const char *)buffer;
230+
string_type password_str= string_type((const char *)buffer, length);
231231
string_type password_substr;
232232
set_type::iterator itr;
233233
/*
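
Review bot: On the added line, `length` goes straight into `string_type((const char *)buffer, length)` with no visible check that it is non-negative and no larger than the number of bytes actually held in `buffer`. The context line `int substr_length= length;` assigns it to an int, so if it can ever carry a negative value it would convert to a very large size in the constructor and bring back the out-of-bounds read this change is meant to remove; consider rejecting `length < 0` (or asserting the bound) before building the string. The direct form `string_type password_str((const char *)buffer, length);` would also avoid the temporary. The commit changes only this one file, so a regression test that feeds the dictionary check a password with embedded zero bytes (the hex input named in the bug title) would help keep this fixed.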
