hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-1628: Fix default database extraction

Browse Source 
The default database was not extracted correctly as the length of the
user's name did not include the null terminator. Also the comparison for
database name length used the smaller than operator instead of the correct
larger than operator.
This commit is contained in:
Markus Mäkelä
2018-05-15 11:11:22 +03:00
parent 4e6184c894
commit 3e0a0988f0
1 changed files with 20 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
server/modules/protocol/MySQL/MySQLClient/mysql_client.c
View File

@ -601,24 +601,30 @@ static void store_client_information(DCB *dcb, GWBUF *buffer)
const char* username = (const char*)data + MYSQL_AUTH_PACKET_BASE_SIZE;
int userlen = get_zstr_len(username, len - MYSQL_AUTH_PACKET_BASE_SIZE);
if (userlen != -1 && (int)sizeof(ses->user) > userlen)
if (userlen != -1)
{
strcpy(ses->user, username);
}
if (proto->client_capabilities & GW_MYSQL_CAPABILITIES_CONNECT_WITH_DB)
{
/** Client is connecting with a default database */
uint8_t authlen = data[MYSQL_AUTH_PACKET_BASE_SIZE + userlen];
size_t dboffset = MYSQL_AUTH_PACKET_BASE_SIZE + userlen + authlen + 1;
if (dboffset < len)
if ((int)sizeof(ses->user) > userlen)
{
int dblen = get_zstr_len((const char*)data + dboffset, len - dboffset);
strcpy(ses->user, username);
}
if (dblen != -1 && (int)sizeof(ses->db) < dblen)
// Include the null terminator in the user length
userlen++;
if (proto->client_capabilities & GW_MYSQL_CAPABILITIES_CONNECT_WITH_DB)
{
/** Client is connecting with a default database */
uint8_t authlen = data[MYSQL_AUTH_PACKET_BASE_SIZE + userlen];
size_t dboffset = MYSQL_AUTH_PACKET_BASE_SIZE + userlen + authlen + 1;
if (dboffset < len)
{
strcpy(ses->db, (const char*)data + dboffset);
int dblen = get_zstr_len((const char*)data + dboffset, len - dboffset);
if (dblen != -1 && (int)sizeof(ses->db) > dblen)
{
strcpy(ses->db, (const char*)data + dboffset);
}
}
}
}