diff options
author | Michael Widenius <monty@askmonty.org> | 2012-09-01 00:54:54 +0300 |
---|---|---|
committer | Michael Widenius <monty@askmonty.org> | 2012-09-01 00:54:54 +0300 |
commit | 1999be8d4e9d721243c51b04c76ba11ad1e9fa56 (patch) | |
tree | cd287f49c709f844d10d774643feb5843acf99a6 /sql-common | |
parent | 5a86a61219826aadf8d08cbc447fe438f2bf50c3 (diff) | |
parent | b45c551ee32d0d5260f4958abf93efab1a4614a2 (diff) | |
download | mariadb-git-1999be8d4e9d721243c51b04c76ba11ad1e9fa56.tar.gz |
Automatic merge with 5.5
Diffstat (limited to 'sql-common')
-rw-r--r-- | sql-common/client.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/sql-common/client.c b/sql-common/client.c index 337e5b7458c..d0f1a8d078c 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -1,5 +1,5 @@ -/* - Copyright (c) 2003, 2011, Oracle and/or its affiliates. +/* Copyright (c) 2003, 2012, Oracle and/or its affiliates. + Copyright (c) 2009, 2012, Monty Program Ab This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1439,7 +1439,7 @@ static void cli_fetch_lengths(ulong *to, MYSQL_ROW column, ***************************************************************************/ MYSQL_FIELD * -unpack_fields(MYSQL_DATA *data,MEM_ROOT *alloc,uint fields, +unpack_fields(MYSQL *mysql, MYSQL_DATA *data,MEM_ROOT *alloc,uint fields, my_bool default_value, uint server_capabilities) { MYSQL_ROWS *row; @@ -1452,6 +1452,7 @@ unpack_fields(MYSQL_DATA *data,MEM_ROOT *alloc,uint fields, if (!result) { free_rows(data); /* Free old data */ + set_mysql_error(mysql, CR_OUT_OF_MEMORY, unknown_sqlstate); DBUG_RETURN(0); } bzero((char*) field, (uint) sizeof(MYSQL_FIELD)*fields); @@ -1479,6 +1480,14 @@ unpack_fields(MYSQL_DATA *data,MEM_ROOT *alloc,uint fields, field->org_name_length= lengths[5]; /* Unpack fixed length parts */ + if (lengths[6] != 12) + { + /* malformed packet. signal an error. */ + free_rows(data); /* Free old data */ + set_mysql_error(mysql, CR_MALFORMED_PACKET, unknown_sqlstate); + DBUG_RETURN(0); + } + pos= (uchar*) row->data[6]; field->charsetnr= uint2korr(pos); field->length= (uint) uint4korr(pos+2); @@ -3361,6 +3370,12 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, mysql->server_status=uint2korr(end+3); mysql->server_capabilities|= uint2korr(end+5) << 16; pkt_scramble_len= end[7]; + if (pkt_scramble_len < 0) + { + set_mysql_error(mysql, CR_MALFORMED_PACKET, + unknown_sqlstate); /* purecov: inspected */ + goto error; + } } end+= 18; @@ -3896,7 +3911,7 @@ get_info: if (!(fields=cli_read_rows(mysql,(MYSQL_FIELD*)0, protocol_41(mysql) ? 7:5))) DBUG_RETURN(1); - if (!(mysql->fields=unpack_fields(fields,&mysql->field_alloc, + if (!(mysql->fields=unpack_fields(mysql, fields,&mysql->field_alloc, (uint) field_count,0, mysql->server_capabilities))) DBUG_RETURN(1); |