Re: [courier-users] authmysql vs apostrophe [PATCH]

This is a discussion on Re: [courier-users] authmysql vs apostrophe [PATCH] within the Courier-Imap forums, part of the Mail Servers and Related category; Sam Varshavchik wrote: > Alessandro Vesely writes: >> Sam Varshavchik wrote: >>> Alessandro Vesely writes: >>&...


Go Back   Usenet Forums > Mail Servers and Related > Courier-Imap

Reload this Page Re: [courier-users] authmysql vs apostrophe [PATCH]

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 05-04-2008
Alessandro Vesely
 
Posts: n/a
Default Re: [courier-users] authmysql vs apostrophe [PATCH]
Sam Varshavchik wrote:
> Alessandro Vesely writes:
>> Sam Varshavchik wrote:
>>> Alessandro Vesely writes:
>>>
>>>>
>>>> * use mysql escape function also in a number of other places; the
>>>> MySQL team took years to get it straight...
>>>
>>> Well, I don't think they got it right. There's no bounds checking in
>>> mysql_real_escape_string! The documentation claims you just need to
>>> provide enough room at least twice as long as the string length, but
>>> then there are also some vague comments regarding the interaction of
>>> this function with the locale's character set, which leaves me with a
>>> somewhat uneasy feeling.
>>
>> Since they require 2*length+1, I assume they check that bound. I don't
>> know the details of the implementation, but doubling seems quite
>> enough. Even if mysql_real_escape_string() cannot fail, its output
>> will eventually be parsed using some other function which is
>> supposedly aware about what the former might have done.
>
> I looked at MySQL's source. Their code assumes that the buffer passed to
> mysql_real_escape_string is sized twice the size of the input buffer,
> plus one byte, and the code checks for overflow.

Great, thank you for confirming that.

> Still, the original
> patch looks to be too complicated than it needs to be,

I agree to some extent. I tried and built something that works
seamlessly in most cases, and the result is sub-optimal for the
remaining ones.

The more I think about it, the more I get convinced that an
_authmysql2_ module would better suit Courier's architecture and
style. I mentioned that on 21 April, along with the quoted names question.

> so I'll need to do this myself.

I did not work on a second patch since then, also because I'm late at
some other stuff (as usual...) However, I could try again if you'd
like and provide some more feedback, unless you start working on that
before I can find some spare time.











































-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 01:28 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0