From 2393ac57e9dabb15da51061ab02ce28fc21fac02 Mon Sep 17 00:00:00 2001
From: VilhoRaatikka
Date: Thu, 14 Aug 2014 17:23:46 +0300
Subject: [PATCH] mysql_common.c:protocol_add_srv_command didn't check that protocol status was MYSQL_PROTOCOL_ACTIVE and wrote to freed memory.
---
 server/modules/protocol/mysql_backend.c | 3 ++-
 server/modules/protocol/mysql_common.c | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/server/modules/protocol/mysql_backend.c b/server/modules/protocol/mysql_backend.c
index da00de083..ce7b6ef97 100644
--- a/server/modules/protocol/mysql_backend.c
+++ b/server/modules/protocol/mysql_backend.c
@@ -1006,7 +1006,8 @@ gw_backend_hangup(DCB *dcb)
 &succp);
 /** There are not required backends available, close session. */
- if (!succp) {
+ if (!succp)
+ {
 #if defined(SS_DEBUG)
 LOGIF(LE, (skygw_log_write_flush(
 LOGFILE_ERROR,
diff --git a/server/modules/protocol/mysql_common.c b/server/modules/protocol/mysql_common.c
index cd1e5c5f9..4e06894d1 100644
--- a/server/modules/protocol/mysql_common.c
+++ b/server/modules/protocol/mysql_common.c
@@ -1712,6 +1712,10 @@ void protocol_add_srv_command(
 spinlock_acquire(&p->protocol_lock);
+ if (p->protocol_state != MYSQL_PROTOCOL_ACTIVE)
+ {
+ goto retblock;
+ }
 /** this is the only server command in protocol */
 if (p->protocol_command.scom_cmd == MYSQL_COM_UNDEFINED)
 {
@@ -1744,6 +1748,7 @@ void protocol_add_srv_command(
 c = c->scom_next;
 }
 #endif
+retblock:
 spinlock_release(&p->protocol_lock);
 }
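Review bot: The added `p->protocol_state != MYSQL_PROTOCOL_ACTIVE` check in `protocol_add_srv_command` only protects the caller while `p` itself is still allocated, because `spinlock_acquire(&p->protocol_lock)` on the line above and the state read both dereference `p`. If the freed memory named in the commit message is the protocol object rather than something it owns (the hunk does not show which), the use-after-free is narrowed but not closed, and the fix would need the owner's lifetime to cover this call. The early exit through `retblock:` (added in the last hunk) also drops the command silently, and since the function returns `void` the caller cannot tell. A short comment above the check, such as `/** Protocol is closing or closed: its command list may already be freed, so do not touch it. */`, would record why the guard exists. The function's opening lines are outside the hunk.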