From 54705ab1762eb305f389d3cf1a16edc88b3361bc Mon Sep 17 00:00:00 2001 From: Davi Arnaut <Davi.Arnaut@Sun.COM> Date: Thu, 29 Apr 2010 10:28:16 -0300 Subject: Bug#50974: Server keeps receiving big (> max_allowed_packet) packets indefinitely. The server could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This problem is aggravated by the fact that it can be triggered before authentication. The solution is to no skip big packets for non-authenticated sessions. If a big packet is sent before a session is authen- ticated, a error is returned and the connection is closed. include/mysql_com.h: Add skip flag. Only used in server builds. sql/net_serv.cc: Control whether big packets can be skipped. --- include/mysql_com.h | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'include') diff --git a/include/mysql_com.h b/include/mysql_com.h index 94b34c1c3f0..2eeec270cd0 100644 --- a/include/mysql_com.h +++ b/include/mysql_com.h @@ -219,6 +219,16 @@ typedef struct st_net { my_bool report_error; /* We should report error (we have unreported error) */ my_bool return_errno; +#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY) + /* + Controls whether a big packet should be skipped. + + Initially set to FALSE by default. Unauthenticated sessions must have + this set to FALSE so that the server can't be tricked to read packets + indefinitely. + */ + my_bool skip_big_packet; +#endif } NET; #define packet_error (~(unsigned long) 0) -- cgit v1.2.1
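Review bot: The new comment on `skip_big_packet` says the flag is "initially set to FALSE by default", but nothing in this header enforces that. The fix only fails closed if every path that initialises a `NET` clears the flag and only the post-authentication path sets it. That code is in sql/net_serv.cc and its callers, which this page does not show (it is limited to 'include'), so the comment should state the contract, e.g. `Set to TRUE only after the session has authenticated; NET initialisation must reset it to FALSE.` Separately, because the member sits inside `#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)`, `sizeof(NET)` differs between translation units built with and without those macros. It is the last member, so earlier offsets are unchanged, but any structure that embeds a `NET` by value would disagree on the layout of whatever follows it, which deserves a note in the comment or a build-time size check.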