From 405f7ca69a36a2b2d7b02bdb945f1e6879c5aaea Mon Sep 17 00:00:00 2001
From: Georgi Kodinov
Date: Tue, 15 Mar 2011 13:19:30 +0200
Subject: Bug #11765023: 57934: DOS POSSIBLE SINCE BINARY CASTING DOESN'T ADHERE TO MAX_ALLOWED_PACKET

Added a check for max_packet_length in CONVERT(, BINARY|CHAR). Added a test case.
---
 sql/item_timefunc.cc | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'sql/item_timefunc.cc')
diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc
index 6335199b8de..74aae94b6f2 100644
--- a/sql/item_timefunc.cc
+++ b/sql/item_timefunc.cc
@@ -2444,6 +2444,19 @@ String *Item_char_typecast::val_str(String *str)
 String *res;
 uint32 length;
 
+ if (cast_length >= 0 &&
+ ((unsigned) cast_length) > current_thd->variables.max_allowed_packet)
+ {
+ push_warning_printf(current_thd, MYSQL_ERROR::WARN_LEVEL_WARN,
+ ER_WARN_ALLOWED_PACKET_OVERFLOWED,
+ ER(ER_WARN_ALLOWED_PACKET_OVERFLOWED),
+ cast_cs == &my_charset_bin ?
+ "cast_as_binary" : func_name(),
+ current_thd->variables.max_allowed_packet);
+ null_value= 1;
+ return 0;
+ }
+
 if (!charset_conversion)
 {
 if (!(res= args[0]->val_str(str)))
-- 
cgit v1.2.1
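Review bot: The length guard added at the top of Item_char_typecast::val_str compares `cast_length` with the byte-based `max_allowed_packet` without accounting for the character set, although the `func_name()` arm of the ternary shows the same check also serves non-binary casts, where `cast_length` is presumably a character count. If that holds, a multi-byte `cast_cs` lets a length pass whose byte size exceeds the limit; comparing in bytes, `(ulonglong) cast_length * cast_cs->mbmaxlen > thd->variables.max_allowed_packet`, would close that gap, and a local `THD *thd= current_thd;` would avoid evaluating `current_thd` three times. Whether the rest of val_str sizes any buffer from `cast_length` for CHAR casts lies outside the hunk, so confirm that before tightening the comparison. A short comment such as `/* Reject oversized cast lengths before evaluating the argument. */` would also record why the check sits ahead of `args[0]->val_str(str)`.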