Hi, Georgi!
On Jan 14, Georgi Kodinov wrote:
> 3247 Georgi Kodinov 2011-01-14
> Bug #59453: Non-ASCIIZ string kills protocol extensibility in MySQL 5.5
>
> When the server sends the name of the plugin it's using in the handshake
> packet it was null terminating it in its buffer, but was sending a length of
> the packet 1 byte short.
> Fixed to send the terminating 0 as well by increasing the length of the
> packet to include it.
This won't work, because the data may be binary and contain \0 in the
middle.
I see two solutions to this bug. Either put the length of the data
before the data, or zero terminate it *and* escape all zeros.
Unfortunately, both mean an incompatible change in the protocol.
If you're fine with incompatible protocol changes in GA version, then I
think the first solution (with the length) is better.
> === modified file 'sql/sql_acl.cc'
> --- a/sql/sql_acl.cc 2010-12-17 11:11:34 +0000
> +++ b/sql/sql_acl.cc 2011-01-14 15:48:11 +0000
> @@ -8014,7 +8014,7 @@ static bool send_server_handshake_packet
> end= strmake(end, plugin_name(mpvio->plugin)->str,
> plugin_name(mpvio->plugin)->length);
>
> - int res= my_net_write(mpvio->net, (uchar*) buff, (size_t) (end - buff)) ||
> + int res= my_net_write(mpvio->net, (uchar*) buff, (size_t) (end - buff + 1)) ||
> net_flush(mpvio->net);
> my_afree(buff);
> DBUG_RETURN (res);
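Review bot: the "+ 1" in the my_net_write() length is only safe if the byte at *end is the zero that strmake() wrote and buff was allocated with room for it. The allocation is outside this hunk, so please confirm its size counts the terminator. A short comment at the call saying the extra byte is the plugin name's trailing zero would also keep the length expression from being "corrected" back later.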
Regards,
Sergei
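
The difference between the two encodings discussed in the reply above, as an added example that is not part of the original thread and is not MySQL code. It assumes a simplified one-byte length prefix rather than the real wire format; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_ERR ((size_t)-1)

/* NUL-terminated field: the reader finds the length by scanning for the first 0 byte. */
size_t read_nul_terminated(const unsigned char *pkt, size_t pkt_len, size_t off, const unsigned char **field)
{
    if (off >= pkt_len) return FIELD_ERR;
    const unsigned char *nul = memchr(pkt + off, 0, pkt_len - off);
    if (nul == NULL)
        return FIELD_ERR;          /* packet sent 1 byte short: no terminator */
    *field = pkt + off;
    return (size_t)(nul - (pkt + off));
}

/* Length-prefixed field (hypothetical layout): one length byte, then raw bytes. */
size_t read_len_prefixed(const unsigned char *pkt, size_t pkt_len, size_t off, const unsigned char **field)
{
    if (off >= pkt_len) return FIELD_ERR;
    size_t len = pkt[off];
    if (len > pkt_len - off - 1)
        return FIELD_ERR;          /* declared length runs past the packet */
    *field = pkt + off + 1;
    return len;
}

/* Constructed sample: 6 bytes of binary data with a 0 in the middle. */
static const unsigned char sample_data[6] = { 0xde, 0xad, 0x00, 0xbe, 0xef, 0x01 };

size_t demo_nul_terminated(void)
{
    unsigned char pkt[7] = { 0 };  /* last byte stays 0 as the terminator */
    const unsigned char *f;
    memcpy(pkt, sample_data, 6);
    return read_nul_terminated(pkt, sizeof pkt, 0, &f);   /* 2: field truncated */
}

size_t demo_len_prefixed(void)
{
    unsigned char pkt[7];
    const unsigned char *f;
    pkt[0] = 6;
    memcpy(pkt + 1, sample_data, 6);
    size_t n = read_len_prefixed(pkt, sizeof pkt, 0, &f);
    return (n == 6 && memcmp(f, sample_data, 6) == 0) ? n : FIELD_ERR;
}
```
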