1 files changed, 16 insertions, 8 deletions

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index ae286878cea..1c31e331965 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1979,13 +1979,12 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
     */
     else if (!password_len && no_auto_create)
     {
-      my_error(ER_PASSWORD_NO_MATCH, MYF(0), combo.user.str, combo.host.str);
+      my_error(ER_PASSWORD_NO_MATCH, MYF(0));
       goto end;
     }
     else if (!can_create_user)
     {
-      my_error(ER_CANT_CREATE_USER_WITH_GRANT, MYF(0),
-               thd->security_ctx->user, thd->security_ctx->host_or_ip);
+      my_error(ER_CANT_CREATE_USER_WITH_GRANT, MYF(0));
       goto end;
     }
     else if (combo.plugin.str[0])
@@ -7483,13 +7482,21 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
   if (pkt_len < MIN_HANDSHAKE_SIZE)
     return packet_error;
 
+  /*
+    Protocol buffer is guaranteed to always end with \0. (see my_net_read())
+    As the code below depends on this, lets check that.
+  */
+  DBUG_ASSERT(net->read_pos[pkt_len] == 0);
+
   if (mpvio->connect_errors)
     reset_host_errors(&net->vio->remote.sin_addr);
 
   ulong client_capabilities= uint2korr(net->read_pos);
   if (client_capabilities & CLIENT_PROTOCOL_41)
   {
-    client_capabilities|= ((ulonglong) uint2korr(net->read_pos+2)) << 16;
+    if (pkt_len < 32)
+      return packet_error;
+    client_capabilities|= ((ulong) uint2korr(net->read_pos+2)) << 16;
     thd->max_client_packet_length= uint4korr(net->read_pos+4);
     DBUG_PRINT("info", ("client_character_set: %d", (uint) net->read_pos[8]));
     if (thd_init_client_charset(thd, (uint) net->read_pos[8]))
@@ -7499,6 +7506,8 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
   }
   else
   {
+    if (pkt_len < 5)
+      return packet_error;
     thd->max_client_packet_length= uint3korr(net->read_pos+2);
     end= (char*) net->read_pos+5;
   }
@@ -7843,8 +7852,7 @@ err:
   if (mpvio->status == MPVIO_EXT::FAILURE && !mpvio->thd->is_error())
   {
     inc_host_errors(&mpvio->thd->net.vio->remote.sin_addr);
-    my_error(ER_HANDSHAKE_ERROR, MYF(0),
-             mpvio->thd->security_ctx->host_or_ip);
+    my_error(ER_HANDSHAKE_ERROR, MYF(0));
   }
   return -1;
 }
@@ -8313,7 +8321,7 @@ static int native_password_authenticate(MYSQL_PLUGIN_VIO *vio,
              CR_ERROR : CR_OK;
 
   inc_host_errors(&mpvio->thd->net.vio->remote.sin_addr);
-  my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
+  my_error(ER_HANDSHAKE_ERROR, MYF(0));
   return CR_ERROR;
 }
 
@@ -8365,7 +8373,7 @@ static int old_password_authenticate(MYSQL_PLUGIN_VIO *vio,
                              (ulong *)mpvio->acl_user->salt) ? CR_ERROR : CR_OK;
 
   inc_host_errors(&mpvio->thd->net.vio->remote.sin_addr);
-  my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
+  my_error(ER_HANDSHAKE_ERROR, MYF(0));
   return CR_ERROR;
 }