From 6f45d7249785b056ed78916d33ec45045a43ed92 Mon Sep 17 00:00:00 2001
From: Adam <Adam@anope.org>
Date: Fri, 31 May 2013 18:34:21 -0400
Subject: Made m_mysql's Escape() function safe against escaping strings >
 BUFSIZE

---
 modules/extra/m_mysql.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules/extra/m_mysql.cpp')

diff --git a/modules/extra/m_mysql.cpp b/modules/extra/m_mysql.cpp
index c42d82ee6..aefd643b8 100644
--- a/modules/extra/m_mysql.cpp
+++ b/modules/extra/m_mysql.cpp
@@ -469,9 +469,9 @@ bool MySQLService::CheckConnection()
 
 Anope::string MySQLService::Escape(const Anope::string &query)
 {
-	char buffer[BUFSIZE];
-	mysql_real_escape_string(this->sql, buffer, query.c_str(), query.length());
-	return buffer;
+	std::vector<char> buffer(query.length() * 2 + 1);
+	mysql_real_escape_string(this->sql, &buffer[0], query.c_str(), query.length());
+	return &buffer[0];
 }
 
 Anope::string MySQLService::BuildQuery(const Query &q)
-- 
cgit