From 67894b2c7b7eefe3da4ecdbe4f651f887fceb695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Tue, 10 Jan 2017 12:14:06 +0200 Subject: [PATCH] Prevent prepared statement use with dbfwfilter Since the prepared statements can't be processed, they should not be allowed. --- server/modules/filter/dbfwfilter/dbfwfilter.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/server/modules/filter/dbfwfilter/dbfwfilter.c b/server/modules/filter/dbfwfilter/dbfwfilter.c index b1bb08260..97ad7d0ae 100644 --- a/server/modules/filter/dbfwfilter/dbfwfilter.c +++ b/server/modules/filter/dbfwfilter/dbfwfilter.c @@ -2310,6 +2310,8 @@ routeQuery(FILTER *instance, void *session, GWBUF *queue) thr_rule_version = rule_version; } + uint32_t type = qc_get_type(queue); + if (modutil_is_SQL(queue) && modutil_count_statements(queue) > 1) { GWBUF* err = gen_dummy_error(my_session, "This filter does not support " @@ -2319,6 +2321,17 @@ routeQuery(FILTER *instance, void *session, GWBUF *queue) my_session->errmsg = NULL; rval = dcb->func.write(dcb, err); } + else if (qc_query_is_type(type, QUERY_TYPE_PREPARE_STMT) || + qc_query_is_type(type, QUERY_TYPE_PREPARE_NAMED_STMT) || + modutil_is_SQL_prepare(queue)) + { + GWBUF* err = gen_dummy_error(my_session, "This filter does not support " + "prepared statements."); + gwbuf_free(queue); + MXS_FREE(my_session->errmsg); + my_session->errmsg = NULL; + rval = dcb->func.write(dcb, err); + } else { DBFW_USER *user = find_user_data(thr_users, dcb->user, dcb->remote);