From 107c894a540d147338ab4e737eb9ef76e49c3493 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Thu, 28 Jun 2012 18:38:55 +0300 Subject: Bug #13708485: malformed resultset packet crashes client Several fixes : * sql-common/client.c Added a validity check of the fields metadata packet sent by the server. Now libmysql will check if the length of the data sent by the server matches what's expected by the protocol before using the data. * client/mysqltest.cc Fixed the error handling code in mysqltest to avoid sending new commands when the reading the result set failed (and there are unread data in the pipe). * sql_common.h + libmysql/libmysql.c + sql-common/client.c unpack_fields() now generates a proper error when it fails. Added a new argument to this function to support the error generation. * sql/protocol.cc Added a debug trigger to cause the server to send a NULL insted of the packet expected by the client for testing purposes. --- include/sql_common.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'include/sql_common.h') diff --git a/include/sql_common.h b/include/sql_common.h index 9e43d076ba9..b64277ce7e1 100644 --- a/include/sql_common.h +++ b/include/sql_common.h @@ -1,4 +1,5 @@ -/* Copyright (C) 2003-2004, 2006 MySQL AB +/* + Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,8 +24,9 @@ extern "C" { #endif extern CHARSET_INFO *default_client_charset_info; -MYSQL_FIELD *unpack_fields(MYSQL_DATA *data,MEM_ROOT *alloc,uint fields, - my_bool default_value, uint server_capabilities); +MYSQL_FIELD *unpack_fields(MYSQL *mysql, MYSQL_DATA *data,MEM_ROOT *alloc, + uint fields, my_bool default_value, + uint server_capabilities); void free_rows(MYSQL_DATA *cur); void free_old_query(MYSQL *mysql); void end_server(MYSQL *mysql); -- cgit v1.2.1 From 06f6e4fe957c6edd7b3655d4987d0fbd67cdb9d6 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Thu, 5 Jul 2012 09:55:20 +0300 Subject: Bug #12998841: libmysql divulges plaintext password upon request in 5.5 1. Clear text password client plugin disabled by default. 2. Added an environment variable LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN, that when set to something starting with '1', 'Y' or 'y' will enable the clear text plugin for all connections. 3. Added a new mysql_options() option : MYSQL_ENABLE_CLEARTEXT_PLUGIN that takes an my_bool argument. When the value of the argument is non-zero the clear text plugin is enabled for this connection only. 4. Added an enable-cleartext-plugin config file option that takes a numeric argument. If the numeric value of the numeric argument is non-zero the clear text plugin is enabled for the connection 5. Added a boolean command line option "--enable_cleartext_plugin" to mysql, mysqlslap and mysqladmin. When specified it will call mysql_options with the effect of #3 6. Added a new CLEARTEXT option to the connect command in mysqltest. When specified it will enable the cleartext plugin for usage. 7. Added test cases and updated existing ones that need the clear text plugin. --- include/sql_common.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/sql_common.h') diff --git a/include/sql_common.h b/include/sql_common.h index 307b443d6d6..a2ea3ac45e7 100644 --- a/include/sql_common.h +++ b/include/sql_common.h @@ -31,6 +31,7 @@ extern const char *not_error_sqlstate; struct st_mysql_options_extention { char *plugin_dir; char *default_auth; + my_bool enable_cleartext_plugin; }; typedef struct st_mysql_methods @@ -104,6 +105,7 @@ int mysql_client_plugin_init(); void mysql_client_plugin_deinit(); struct st_mysql_client_plugin; extern struct st_mysql_client_plugin *mysql_client_builtins[]; +extern my_bool libmysql_cleartext_plugin_enabled; #ifdef __cplusplus } -- cgit v1.2.1 From 704898bf3200af4da42c1bf9251a7da5533db73f Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 8 Aug 2012 12:32:34 +0200 Subject: undo the fix for MySQL Bug#12998841 --- include/sql_common.h | 2 -- 1 file changed, 2 deletions(-) (limited to 'include/sql_common.h') diff --git a/include/sql_common.h b/include/sql_common.h index a2ea3ac45e7..307b443d6d6 100644 --- a/include/sql_common.h +++ b/include/sql_common.h @@ -31,7 +31,6 @@ extern const char *not_error_sqlstate; struct st_mysql_options_extention { char *plugin_dir; char *default_auth; - my_bool enable_cleartext_plugin; }; typedef struct st_mysql_methods @@ -105,7 +104,6 @@ int mysql_client_plugin_init(); void mysql_client_plugin_deinit(); struct st_mysql_client_plugin; extern struct st_mysql_client_plugin *mysql_client_builtins[]; -extern my_bool libmysql_cleartext_plugin_enabled; #ifdef __cplusplus } -- cgit v1.2.1