-rw-r--r-- | mysql-test/r/func_des_encrypt.result | 34 | ||||
-rw-r--r-- | mysql-test/t/func_des_encrypt.test | 28 | ||||
-rw-r--r-- | sql/item_strfunc.cc | 12 | ||||
-rw-r--r-- | sql/item_strfunc.h | 15 |
4 files changed, 82 insertions, 7 deletions
diff --git a/mysql-test/r/func_des_encrypt.result b/mysql-test/r/func_des_encrypt.result index 46b30bdab58..b81f96f6ef7 100644 --- a/mysql-test/r/func_des_encrypt.result +++ b/mysql-test/r/func_des_encrypt.result @@ -1,3 +1,37 @@ select des_encrypt('hello'); des_encrypt('hello') €Ö2nV“Ø} +# +# Bug #11643: des_encrypt() causes server to die +# +CREATE TABLE t1 (des VARBINARY(200) NOT NULL DEFAULT '') ENGINE=MyISAM; +INSERT INTO t1 VALUES ('1234'), ('12345'), ('123456'), ('1234567'); +UPDATE t1 SET des=DES_ENCRYPT('1234'); +SELECT LENGTH(des) FROM t1; +LENGTH(des) +9 +9 +9 +9 +SELECT DES_DECRYPT(des) FROM t1; +DES_DECRYPT(des) +1234 +1234 +1234 +1234 +SELECT +LENGTH(DES_ENCRYPT('1234')), +LENGTH(DES_ENCRYPT('12345')), +LENGTH(DES_ENCRYPT('123456')), +LENGTH(DES_ENCRYPT('1234567')); +LENGTH(DES_ENCRYPT('1234')) LENGTH(DES_ENCRYPT('12345')) LENGTH(DES_ENCRYPT('123456')) LENGTH(DES_ENCRYPT('1234567')) +9 9 9 9 +SELECT +DES_DECRYPT(DES_ENCRYPT('1234')), +DES_DECRYPT(DES_ENCRYPT('12345')), +DES_DECRYPT(DES_ENCRYPT('123456')), +DES_DECRYPT(DES_ENCRYPT('1234567')); +DES_DECRYPT(DES_ENCRYPT('1234')) DES_DECRYPT(DES_ENCRYPT('12345')) DES_DECRYPT(DES_ENCRYPT('123456')) DES_DECRYPT(DES_ENCRYPT('1234567')) +1234 12345 123456 1234567 +DROP TABLE t1; +End of 5.0 tests diff --git a/mysql-test/t/func_des_encrypt.test b/mysql-test/t/func_des_encrypt.test index b757a632adf..2c364a40090 100644 --- a/mysql-test/t/func_des_encrypt.test +++ b/mysql-test/t/func_des_encrypt.test 
@@ -9,3 +9,31 @@ select des_encrypt('hello');
 # End of 4.1 tests
+
+--echo #
+--echo # Bug #11643: des_encrypt() causes server to die
+--echo #
+
+CREATE TABLE t1 (des VARBINARY(200) NOT NULL DEFAULT '') ENGINE=MyISAM;
+
+INSERT INTO t1 VALUES ('1234'), ('12345'), ('123456'), ('1234567');
+
+UPDATE t1 SET des=DES_ENCRYPT('1234');
+
+SELECT LENGTH(des) FROM t1;
+SELECT DES_DECRYPT(des) FROM t1;
+
+SELECT
+ LENGTH(DES_ENCRYPT('1234')),
+ LENGTH(DES_ENCRYPT('12345')),
+ LENGTH(DES_ENCRYPT('123456')),
+ LENGTH(DES_ENCRYPT('1234567'));
+SELECT
+ DES_DECRYPT(DES_ENCRYPT('1234')),
+ DES_DECRYPT(DES_ENCRYPT('12345')),
+ DES_DECRYPT(DES_ENCRYPT('123456')),
+ DES_DECRYPT(DES_ENCRYPT('1234567'));
+
+DROP TABLE t1;
+
+--Echo End of 5.0 tests
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index 649910e1162..5a8b1c6493c 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -504,17 +504,21 @@ String *Item_func_des_encrypt::val_str(String *str)
 string marking change of string length.
 */
- tail= (8-(res_length) % 8); // 1..8 marking extra length
+ tail= 8 - (res_length % 8); // 1..8 marking extra length
 res_length+=tail;
+ tmp_arg.realloc(res_length);
+ tmp_arg.length(0);
+ tmp_arg.append(res->ptr(), res->length());
 code= ER_OUT_OF_RESOURCES;
- if (tail && res->append(append_str, tail) || tmp_value.alloc(res_length+1))
+ if (tmp_arg.append(append_str, tail) || tmp_value.alloc(res_length+1))
 goto error;
- (*res)[res_length-1]=tail; // save extra length
+ tmp_arg[res_length-1]=tail; // save extra length
+ tmp_value.realloc(res_length+1);
 tmp_value.length(res_length+1);
 tmp_value[0]=(char) (128 | key_number);
 // Real encryption
 bzero((char*) &ivec,sizeof(ivec));
- DES_ede3_cbc_encrypt((const uchar*) (res->ptr()),
+ DES_ede3_cbc_encrypt((const uchar*) (tmp_arg.ptr()),
 (uchar*) (tmp_value.ptr()+1),
 res_length,
 &keyschedule.ks1,
diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h
index 81baf9a4c5f..5265f608344 100644
--- a/sql/item_strfunc.h
+++ b/sql/item_strfunc.h
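Review bot: The added cases in mysql-test/t/func_des_encrypt.test stop at seven-character inputs, so the padding boundary is never exercised: an input whose length is a multiple of 8 takes the full 8-byte pad and is the only case that reaches the new `max_length + 9` bound in sql/item_strfunc.h. Adding `SELECT LENGTH(DES_ENCRYPT('12345678')), DES_DECRYPT(DES_ENCRYPT('12345678'));` and the same pair for `''` would pin that boundary. A `DES_DECRYPT()` over a value shorter than nine bytes is also worth a row, because the new decrypt length is computed by subtraction.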
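Review bot: In Item_func_des_encrypt::val_str the results of `tmp_arg.realloc(res_length)` and of the first `tmp_arg.append(res->ptr(), res->length())` are discarded, so only the padding append and `tmp_value.alloc()` can reach `goto error`. If one of the earlier calls fails under memory pressure while the short padding append succeeds, `tmp_arg[res_length-1]=tail` and the `res_length`-byte read in `DES_ede3_cbc_encrypt()` would appear to go past what tmp_arg actually holds. Moving `code= ER_OUT_OF_RESOURCES;` above the new lines and testing each call closes this: `if (tmp_arg.realloc(res_length)) goto error;` followed by `if (tmp_arg.append(res->ptr(), res->length()) || tmp_arg.append(append_str, tail) || tmp_value.alloc(res_length+1))`. The added `tmp_value.realloc(res_length+1)` is unchecked in the same way and looks redundant after the checked `alloc()`. The function starts and ends outside the hunk, so the error label and the definition of append_str are not visible here.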
@@ -293,13 +293,17 @@ public:
 class Item_func_des_encrypt :public Item_str_func
 {
- String tmp_value;
+ String tmp_value,tmp_arg;
 public:
 Item_func_des_encrypt(Item *a) :Item_str_func(a) {}
 Item_func_des_encrypt(Item *a, Item *b): Item_str_func(a,b) {}
 String *val_str(String *);
 void fix_length_and_dec()
- { maybe_null=1; max_length = args[0]->max_length+8; }
+ {
+ maybe_null=1;
+ /* 9 = MAX ((8- (arg_len % 8)) + 1) */
+ max_length = args[0]->max_length + 9;
+ }
 const char *func_name() const { return "des_encrypt"; }
 };
@@ -310,7 +314,12 @@ public:
 Item_func_des_decrypt(Item *a) :Item_str_func(a) {}
 Item_func_des_decrypt(Item *a, Item *b): Item_str_func(a,b) {}
 String *val_str(String *);
- void fix_length_and_dec() { maybe_null=1; max_length = args[0]->max_length; }
+ void fix_length_and_dec()
+ {
+ maybe_null=1;
+ /* 9 = MAX ((8- (arg_len % 8)) + 1) */
+ max_length = args[0]->max_length - 9;
+ }
 const char *func_name() const { return "des_decrypt"; }
 }; |
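Review bot: In Item_func_des_decrypt::fix_length_and_dec (second hunk) the subtraction `args[0]->max_length - 9` is unguarded, so an argument declared shorter than 9 bytes would wrap to a huge length if max_length is unsigned; its declaration is outside this hunk, so that should be confirmed. The comment copied from the encrypt side gives 9 as the maximum overhead, but an upper bound on the decrypted length needs the minimum overhead, which the same formula puts at 2, so subtracting 9 can declare fewer bytes than a valid decryption returns. Keeping `max_length = args[0]->max_length;` is a safe bound; if a tighter one is wanted, `if (max_length >= 2) max_length-= 2;` after that assignment avoids the wrap. The `+ 9` in the first hunk matches the stated worst case for des_encrypt.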