Manual merge from mysql-5.1 for Bug#11764168 (56976: Severe denial

of service in prepared statements). sql/sql_prepare.cc: At mysql_stmt_get_longdata(): instead of pushing an internal error handler (as done in 5.1-tree) we save, set and restore the statement's diagnostics area and warning info.
author: Dmitry Shulga <Dmitry.Shulga@oracle.com> 2011-03-15 18:57:36 +0600
committer: Dmitry Shulga <Dmitry.Shulga@oracle.com> 2011-03-15 18:57:36 +0600
commit: feb6d223285e91d435f3c72f2dc3f2b5e73c0f4a (patch)
tree: 0f5b82b368f0393b2467be245564bcd49d0933f9 /sql/item.cc
parent: f94e7288e33332584074ee85f625db9a93f2369c (diff)
parent: 9320dca994fdae18c549cb59266d49846dc1f839 (diff)
download: mariadb-git-feb6d223285e91d435f3c72f2dc3f2b5e73c0f4a.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/sql/item.cc b/sql/item.cc
index 2090a1e4eda..e930143edfa 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -2885,6 +2885,16 @@ bool Item_param::set_longdata(const char *str, ulong length)
     (here), and first have to concatenate all pieces together,
     write query to the binary log and only then perform conversion.
   */
+  if (str_value.length() + length > max_long_data_size)
+  {
+    my_message(ER_UNKNOWN_ERROR,
+               "Parameter of prepared statement which is set through "
+               "mysql_send_long_data() is longer than "
+               "'max_long_data_size' bytes",
+               MYF(0));
+    DBUG_RETURN(true);
+  }
+
   if (str_value.append(str, length, &my_charset_bin))
     DBUG_RETURN(TRUE);
   state= LONG_DATA_VALUE;
author	Dmitry Shulga <Dmitry.Shulga@oracle.com>	2011-03-15 18:57:36 +0600
committer	Dmitry Shulga <Dmitry.Shulga@oracle.com>	2011-03-15 18:57:36 +0600
commit	feb6d223285e91d435f3c72f2dc3f2b5e73c0f4a (patch)
tree	0f5b82b368f0393b2467be245564bcd49d0933f9 /sql/item.cc
parent	f94e7288e33332584074ee85f625db9a93f2369c (diff)
parent	9320dca994fdae18c549cb59266d49846dc1f839 (diff)
download	mariadb-git-feb6d223285e91d435f3c72f2dc3f2b5e73c0f4a.tar.gz