m_mysql Fix escaping strings longer than MAXBUF/2

Quotes from the documentation:
"You must allocate the to buffer to be at least length*2+1 bytes long. (In the worst case, each character may need to be encoded as using two bytes, and you need room for the terminating null byte.)"

"The return value is the length of the encoded string, not including the terminating null character."

http://dev.mysql.com/doc/refman/5.6/en/mysql-real-escape-string.html

1 files changed, 12 insertions, 6 deletions

diff --git a/src/modules/extra/m_mysql.cpp b/src/modules/extra/m_mysql.cpp
index 16c4485f3..b2bb44408 100644
--- a/src/modules/extra/m_mysql.cpp
+++ b/src/modules/extra/m_mysql.cpp
@@ -333,10 +333,15 @@ class SQLConnection : public SQLProvider
 				if (param < p.size())
 				{
 					std::string parm = p[param++];
-					char buffer[MAXBUF];
-					mysql_escape_string(buffer, parm.c_str(), parm.length());
+					// In the worst case, each character may need to be encoded as using two bytes,
+					// and one byte is the terminating null
+					std::vector<char> buffer(parm.length() * 2 + 1);
+
+					// The return value of mysql_escape_string() is the length of the encoded string,
+					// not including the terminating null
+					unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length());
 //					mysql_real_escape_string(connection, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length());
-					res.append(buffer);
+					res.append(&buffer[0], escapedsize);
 				}
 			}
 		}
@@ -362,9 +367,10 @@ class SQLConnection : public SQLProvider
 				if (it != p.end())
 				{
 					std::string parm = it->second;
-					char buffer[MAXBUF];
-					mysql_escape_string(buffer, parm.c_str(), parm.length());
-					res.append(buffer);
+					// NOTE: See above
+					std::vector<char> buffer(parm.length() * 2 + 1);
+					unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length());
+					res.append(&buffer[0], escapedsize);
 				}
 			}
 		}