From 0e09600a431d0e0f2cde6457e088d84caf6d6f5d Mon Sep 17 00:00:00 2001
From: attilamolnar <attilamolnar@hush.com>
Date: Sat, 1 Jun 2013 20:53:32 +0200
Subject: [PATCH] m_mysql Fix escaping strings longer than MAXBUF/2

Quotes from the documentation:
"You must allocate the to buffer to be at least length*2+1 bytes long. (In the worst case, each character may need to be encoded as using two bytes, and you need room for the terminating null byte.)"

"The return value is the length of the encoded string, not including the terminating null character."

http://dev.mysql.com/doc/refman/5.6/en/mysql-real-escape-string.html
---
 src/modules/extra/m_mysql.cpp | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/modules/extra/m_mysql.cpp b/src/modules/extra/m_mysql.cpp
index 16c4485f3..b2bb44408 100644
--- a/src/modules/extra/m_mysql.cpp
+++ b/src/modules/extra/m_mysql.cpp
@@ -333,10 +333,15 @@ class SQLConnection : public SQLProvider
 				if (param < p.size())
 				{
 					std::string parm = p[param++];
-					char buffer[MAXBUF];
-					mysql_escape_string(buffer, parm.c_str(), parm.length());
+					// In the worst case, each character may need to be encoded as using two bytes,
+					// and one byte is the terminating null
+					std::vector<char> buffer(parm.length() * 2 + 1);
+
+					// The return value of mysql_escape_string() is the length of the encoded string,
+					// not including the terminating null
+					unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length());
 //					mysql_real_escape_string(connection, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length());
-					res.append(buffer);
+					res.append(&buffer[0], escapedsize);
 				}
 			}
 		}
@@ -362,9 +367,10 @@ class SQLConnection : public SQLProvider
 				if (it != p.end())
 				{
 					std::string parm = it->second;
-					char buffer[MAXBUF];
-					mysql_escape_string(buffer, parm.c_str(), parm.length());
-					res.append(buffer);
+					// NOTE: See above
+					std::vector<char> buffer(parm.length() * 2 + 1);
+					unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length());
+					res.append(&buffer[0], escapedsize);
 				}
 			}
 		}
-- 
2.39.5