hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix out-of-bounds reads with LOAD DATA LOCAL INFILE

Browse Source 
When a LOAD DATA LOCAL INFILE is done, the last packet is an empty packet
which does not contain the command byte. Some parts of the MySQL protocol
modules expected that a command is always present. The proper way to
handle this is to use the mxs_mysql_get_command function which does bounds
checking.
This commit is contained in:
Markus Mäkelä
2017-08-17 21:37:11 +03:00
parent d723201d22
commit 6c5ae24dff
2 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/modules/protocol/MySQL/MySQLBackend/mysql_backend.c
View File

@ -386,7 +386,7 @@ static inline void prepare_for_write(DCB *dcb, GWBUF *buffer)
if (GWBUF_IS_TYPE_SESCMD(buffer))
{
mysql_server_cmd_t cmd = MYSQL_GET_COMMAND(GWBUF_DATA(buffer));
mysql_server_cmd_t cmd = mxs_mysql_get_command(buffer);
protocol_add_srv_command(proto, cmd);
}
if (GWBUF_SHOULD_COLLECT_RESULT(buffer))
@ -1015,7 +1015,7 @@ static int gw_MySQLWrite_backend(DCB *dcb, GWBUF *queue)
case MXS_AUTH_STATE_COMPLETE:
{
uint8_t* ptr = GWBUF_DATA(queue);
mysql_server_cmd_t cmd = MYSQL_GET_COMMAND(ptr);
mysql_server_cmd_t cmd = mxs_mysql_get_command(queue);
MXS_DEBUG("write to dcb %p fd %d protocol state %s.",
dcb, dcb->fd, STRPROTOCOLSTATE(backend_protocol->protocol_auth_state));