From 0e09600a431d0e0f2cde6457e088d84caf6d6f5d Mon Sep 17 00:00:00 2001 From: attilamolnar Date: Sat, 1 Jun 2013 20:53:32 +0200 Subject: m_mysql Fix escaping strings longer than MAXBUF/2 Quotes from the documentation: "You must allocate the to buffer to be at least length*2+1 bytes long. (In the worst case, each character may need to be encoded as using two bytes, and you need room for the terminating null byte.)" "The return value is the length of the encoded string, not including the terminating null character." http://dev.mysql.com/doc/refman/5.6/en/mysql-real-escape-string.html --- src/modules/extra/m_mysql.cpp | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'src/modules') diff --git a/src/modules/extra/m_mysql.cpp b/src/modules/extra/m_mysql.cpp index 16c4485f3..b2bb44408 100644 --- a/src/modules/extra/m_mysql.cpp +++ b/src/modules/extra/m_mysql.cpp @@ -333,10 +333,15 @@ class SQLConnection : public SQLProvider if (param < p.size()) { std::string parm = p[param++]; - char buffer[MAXBUF]; - mysql_escape_string(buffer, parm.c_str(), parm.length()); + // In the worst case, each character may need to be encoded as using two bytes, + // and one byte is the terminating null + std::vector buffer(parm.length() * 2 + 1); + + // The return value of mysql_escape_string() is the length of the encoded string, + // not including the terminating null + unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length()); // mysql_real_escape_string(connection, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length()); - res.append(buffer); + res.append(&buffer[0], escapedsize); } } } @@ -362,9 +367,10 @@ class SQLConnection : public SQLProvider if (it != p.end()) { std::string parm = it->second; - char buffer[MAXBUF]; - mysql_escape_string(buffer, parm.c_str(), parm.length()); - res.append(buffer); + // NOTE: See above + std::vector buffer(parm.length() * 2 + 1); + unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length()); + res.append(&buffer[0], escapedsize); } } } -- cgit v1.2.3