diff options
| author | Adam <Adam@anope.org> | 2013-05-31 18:34:21 -0400 |
|---|---|---|
| committer | Adam <Adam@anope.org> | 2013-05-31 18:34:21 -0400 |
| commit | 6f45d7249785b056ed78916d33ec45045a43ed92 (patch) | |
| tree | ac7c8227f5ef85acfcc5cdcd8f3b705a7ae86d48 | |
| parent | f5c01bf617bc2d140d19ab9a927e4976d20d0c5f (diff) | |
Made m_mysql's Escape() function safe against escaping strings > BUFSIZE
| -rw-r--r-- | modules/extra/m_mysql.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/extra/m_mysql.cpp b/modules/extra/m_mysql.cpp index c42d82ee6..aefd643b8 100644 --- a/modules/extra/m_mysql.cpp +++ b/modules/extra/m_mysql.cpp @@ -469,9 +469,9 @@ bool MySQLService::CheckConnection() Anope::string MySQLService::Escape(const Anope::string &query) { - char buffer[BUFSIZE]; - mysql_real_escape_string(this->sql, buffer, query.c_str(), query.length()); - return buffer; + std::vector<char> buffer(query.length() * 2 + 1); + mysql_real_escape_string(this->sql, &buffer[0], query.c_str(), query.length()); + return &buffer[0]; } Anope::string MySQLService::BuildQuery(const Query &q) |