From: Alexander Barkov Date: February 1 2011 3:36pm Subject: bzr commit into mysql-5.5 branch (alexander.barkov:3294) List-Archive: http://lists.mysql.com/commits/130143 Message-Id: <201102011536.p11FaInH018275@bar.myoffice.izhnet.ru> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4863297093750538758==" --===============4863297093750538758== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/bar/mysql-bzr/mysql-5.5.b58036/ based on revid:ole.john.aske@stripped 3294 Alexander Barkov 2011-02-01 Problem: ucs2 was correctly disallowed in "SET NAMES" only, while mysql_real_connect() and mysql_change_user() still allowed to use ucs2, which made server crash. Fix: disallow ucs2 in mysql_real_connect() and mysql_change_user(). @ sql/sql_parse.h - introducing a new function, to reuse in all places where we need to check client character set. @ sql/set_var.cc Using the new function. @ sql/sql_connect.h @ sql/sql_connect.cc - changing return type for thd_init_client_charset() to bool, to return errors to the caller - in case of unsupported client character set - send error and return true - in case of success - return false @ sql/sql_acl.cc - return error if thd_init_client_charset() failes - in parse_com_change_user_packet() set user_name to NULL in the very beginnig to avoid my_free() on bad memory in case of errors. @ tests/mysql_client_test.c Adding test modified: sql/set_var.cc sql/sql_acl.cc sql/sql_connect.cc sql/sql_connect.h sql/sql_parse.h tests/mysql_client_test.c === modified file 'sql/set_var.cc' --- a/sql/set_var.cc 2010-12-29 00:26:31 +0000 +++ b/sql/set_var.cc 2011-02-01 15:30:06 +0000 
@@ -776,7 +776,7 @@ int set_var_password::update(THD *thd) int set_var_collation_client::check(THD *thd) { /* Currently, UCS-2 cannot be used as a client character set */ - if (character_set_client->mbminlen > 1) + if (!charset_is_good_for_parser(character_set_client)) { my_error(ER_WRONG_VALUE_FOR_VAR, MYF(0), "character_set_client", character_set_client->csname); === modified file 'sql/sql_acl.cc' --- a/sql/sql_acl.cc 2011-01-14 15:48:11 +0000 +++ b/sql/sql_acl.cc 2011-02-01 15:30:06 +0000 @@ -7799,7 +7799,8 @@ public: Thd_charset_adapter(THD *thd_arg) : thd (thd_arg) {} bool init_client_charset(uint cs_number) { - thd_init_client_charset(thd, cs_number); + if (thd_init_client_charset(thd, cs_number)) + return true; thd->update_charset(); return thd->is_error(); } @@ -8236,6 +8237,18 @@ static bool parse_com_change_user_packet uint dummy_errors; DBUG_ENTER ("parse_com_change_user_packet"); + + /* + The caller expects that this function allocates user_name using + my_strndup() and calls my_free(user_name) later in some cases. + + Let's set user_name to NULL here, to avoid my_free() on uninitialized + memory for those cases when we return from here *before* user_name is + actually allocated. This happens on errors: packet error, bad charset. + */ + mpvio->auth_info.user_name= NULL; + mpvio->auth_info.user_name_length= 0; + if (passwd >= end) { my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0)); === modified file 'sql/sql_connect.cc' --- a/sql/sql_connect.cc 2010-12-15 22:59:21 +0000 +++ b/sql/sql_connect.cc 2011-02-01 15:30:06 +0000 
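Review bot: Clearing `mpvio->auth_info.user_name` at the top of parse_com_change_user_packet() protects only the error returns of this one function; on any path where the caller reaches its my_free() without having come through here, the pointer is still whatever the structure held before. It would be more robust to initialise `user_name` and `user_name_length` where the mpvio structure is set up, which is outside this hunk, and to keep this assignment as a second line of defence. If a caller can ever arrive with `user_name` already allocated, the unconditional `= NULL` would drop that allocation without freeing it. Presumably the field is always unset at this point, and the new comment could say so. The function body continues outside the hunk.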
@@ -370,8 +370,23 @@ void reset_mqh(LEX_USER *lu, bool get_th } -void thd_init_client_charset(THD *thd, uint cs_number) +/** + Set thread character set variables from the given ID + + @param thd thread handle + @param cs_number character set and collation ID + + @retval 0 OK; character_set_client, collation_connection and + character_set_results are set to the new value, + or to the default global values. + + @retval 1 error, e.g. the given ID is not supported by parser. + Corresponding SQL error is sent. +*/ + +bool thd_init_client_charset(THD *thd, uint cs_number) { + CHARSET_INFO *cs; /* Use server character set and collation if - opt_character_set_client_handshake is not set @@ -380,10 +395,10 @@ void thd_init_client_charset(THD *thd, u - client character set doesn't exists in server */ if (!opt_character_set_client_handshake || - !(thd->variables.character_set_client= get_charset(cs_number, MYF(0))) || + !(cs= get_charset(cs_number, MYF(0))) || !my_strcasecmp(&my_charset_latin1, global_system_variables.character_set_client->name, - thd->variables.character_set_client->name)) + cs->name)) { thd->variables.character_set_client= global_system_variables.character_set_client; @@ -394,10 +409,18 @@ void thd_init_client_charset(THD *thd, u } else { + if (!charset_is_good_for_parser(cs)) + { + /* Disallow non-supported parser character sets: UCS2, UTF16, UTF32 */ + my_error(ER_WRONG_VALUE_FOR_VAR, MYF(0), "character_set_client", + cs->csname); + return true; + } thd->variables.character_set_results= thd->variables.collation_connection= - thd->variables.character_set_client; + thd->variables.character_set_client= cs; } + return false; } === modified file 'sql/sql_connect.h' --- a/sql/sql_connect.h 2010-09-20 14:17:32 +0000 +++ b/sql/sql_connect.h 2011-02-01 15:30:06 +0000 
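Review bot: The new `charset_is_good_for_parser(cs)` check sits only in the `else` branch of thd_init_client_charset(), so the fallback branch still copies `global_system_variables.character_set_client` into the session unchecked. Whether the global default can ever hold a character set with `mbminlen > 1` (for example through a startup option) is not visible in this diff. If it can, the fallback path hands the parser the kind of character set this commit is meant to keep out. Consider validating the global value once where it is set, or asserting it here with `DBUG_ASSERT(charset_is_good_for_parser(global_system_variables.character_set_client));` before the fallback assignment. The function spans several hunks, and part of the fallback branch lies between them.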
@@ -33,7 +33,7 @@ void reset_mqh(LEX_USER *lu, bool get_th bool check_mqh(THD *thd, uint check_command); void time_out_user_resource_limits(THD *thd, USER_CONN *uc); void decrease_user_connections(USER_CONN *uc); -void thd_init_client_charset(THD *thd, uint cs_number); +bool thd_init_client_charset(THD *thd, uint cs_number); bool setup_connection_thread_globals(THD *thd); int check_user(THD *thd, enum enum_server_command command, === modified file 'sql/sql_parse.h' --- a/sql/sql_parse.h 2010-08-31 09:59:51 +0000 +++ b/sql/sql_parse.h 2011-02-01 15:30:06 +0000 @@ -197,4 +197,8 @@ check_table_access(THD *thd, ulong requi bool check_global_access(THD *thd, ulong want_access); +inline bool charset_is_good_for_parser(CHARSET_INFO *cs) +{ return test(cs->mbminlen == 1); } + + #endif /* SQL_PARSE_INCLUDED */ === modified file 'tests/mysql_client_test.c' --- a/tests/mysql_client_test.c 2010-12-29 00:26:31 +0000 +++ b/tests/mysql_client_test.c 2011-02-01 15:30:06 +0000 
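Review bot: Changing `thd_init_client_charset()` from `void` to `bool` leaves any call site that still ignores the result compiling without a diagnostic; such a caller would carry on with the previous session character set after an error has already been raised. Only the call in Thd_charset_adapter::init_client_charset() is updated in this diff, so other callers, if any exist, should be checked. A short comment on the declaration would help, e.g. `/* Returns true on error (the SQL error is already sent); callers must check the result. */`. A warn-unused-result annotation could be added as well if the tree's supported compilers allow it.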
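Review bot: `charset_is_good_for_parser()` is now the single gate for client character sets, but it has no comment saying what it guarantees, and it dereferences `cs` without a NULL check. A header comment such as `/* True if cs may be used as character_set_client: the parser supports only character sets with mbminlen == 1 (not UCS2, UTF16, UTF32). cs must not be NULL. */` would document both the rule and the precondition. Since the helper only reads the structure, the parameter could also be declared `const CHARSET_INFO *cs`, assuming the typedef permits it.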
@@ -19289,6 +19289,72 @@ static void test_bug47485() /* + Bug#58036 client utf32, utf16, ucs2 should be disallowed, they crash server +*/ +static void test_bug58036() +{ + MYSQL *conn; + DBUG_ENTER("test_bug47485"); + myheader("test_bug58036"); + + /* Part1: try to connect with ucs2 client character set */ + conn= mysql_client_init(NULL); + mysql_options(conn, MYSQL_SET_CHARSET_NAME, "ucs2"); + if (mysql_real_connect(conn, opt_host, opt_user, + opt_password, opt_db ? opt_db : "test", + opt_port, opt_unix_socket, 0)) + { + if (!opt_silent) + printf("mysql_real_connect() succeeded (failure expected)\n"); + mysql_close(conn); + DIE(); + } + + if (!opt_silent) + printf("Got mysql_real_connect() error (expected): %s (%d)\n", + mysql_error(conn), mysql_errno(conn)); + DIE_UNLESS(mysql_errno(conn) == ER_WRONG_VALUE_FOR_VAR); + mysql_close(conn); + + + /* + Part2: + - connect with latin1 + - then change client character set to ucs2 + - then try mysql_change_user() + */ + conn= mysql_client_init(NULL); + mysql_options(conn, MYSQL_SET_CHARSET_NAME, "latin1"); + if (!mysql_real_connect(conn, opt_host, opt_user, + opt_password, opt_db ? opt_db : "test", + opt_port, opt_unix_socket, 0)) + { + if (!opt_silent) + printf("mysql_real_connect() failed: %s (%d)\n", + mysql_error(conn), mysql_errno(conn)); + mysql_close(conn); + DIE(); + } + + mysql_options(conn, MYSQL_SET_CHARSET_NAME, "ucs2"); + if (!mysql_change_user(conn, opt_user, opt_password, NULL)) + { + if (!opt_silent) + printf("mysql_change_user() succedded, error expected!"); + mysql_close(conn); + DIE(); + } + + if (!opt_silent) + printf("Got mysql_change_user() error (expected): %s (%d)\n", + mysql_error(conn), mysql_errno(conn)); + mysql_close(conn); + + DBUG_VOID_RETURN; +} + + +/* Bug#49972: Crash in prepared statements. The following case lead to a server crash: 
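Review bot: Part 2 of test_bug58036() accepts any failure of `mysql_change_user()`, so a server crash or dropped connection, which is the bug being fixed, would also count as a pass. Part 1 pins the error with `DIE_UNLESS(mysql_errno(conn) == ER_WRONG_VALUE_FOR_VAR);`, and the same check belongs after the Part 2 error printf, assuming the server reports that code on this path. Separately, `DBUG_ENTER("test_bug47485")` looks copied from the previous test and should read `DBUG_ENTER("test_bug58036");`. The "succedded" message also lacks a trailing `\n`.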
@@ -19770,6 +19836,7 @@ static struct my_tests_st my_tests[]= { { "test_bug42373", test_bug42373 }, { "test_bug54041", test_bug54041 }, { "test_bug47485", test_bug47485 }, + { "test_bug58036", test_bug58036 }, { "test_bug57058", test_bug57058 }, { 0, 0 } }; --===============4863297093750538758== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/alexander.barkov@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: alexander.barkov@stripped\ # 4sxsbzs7ru8vya8p # target_branch: file:///home/bar/mysql-bzr/mysql-5.5.b58036/ # testament_sha1: 8b37e0f6c1d222d829ea73dc1668edeb062404e6 # timestamp: 2011-02-01 18:36:18 +0300 # base_revision_id: ole.john.aske@stripped\ # hdrlhd5cgbxq3zgd # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWRo1Y6wABzZ/gHK4IgB69/// /+//pL////5gD0feobgsHIq6AADUPZmymkmhiqg+q1TZpt3AY0PhoJU/SnqPTUPU0aPU9TR+qeka PU09T1A0AAAAwgB6g0RNNMBNBTE1MaQMDQQMEAZAGJpibSaYSSp5MoTaCaDQ0aABoGgNANAAAAAC REIEU8CnpoEZoKn6aNKP1Qep6YpoBoaaA9RmU0BtUFT9UeFPSBoemk9QADQNADQAAAAACSJMIAmm RME0TBTFHk0T1NT2pN6pk3pRpiaAB6NTCIAPdiAiJCpsGeUsir2mU4NWk1ZJZZXaK6me6Bx0pVUN AVIVuv/lm9fE3qcXlPH73K2a2IoqwX4jpJ67efLLI/6B7OiEap9odzuQYLr5yxRkyzZcq7YeGG3E lIkNBkO5yThZba7qrb5oOl8XHYypowIaBQ0HzvLYt+xlzsV1Wda4baTat/01Vk7rM+PHI0kJITMg A8qCEWYltZQa+4YBncs+WiBLJy0uqTpOWCF6EHQsxnxobs3I/N9X8j0lDK0L8wn1i2ibY222kNtr Sa/h3Aul8+vDLGbmW876CpR7GUOBXhmit7lofCIdzoVimcqYxS92dmQ1jEYp/affp6pNQjmaPwa2 lVDDK5OEwGNtJNoNDH7R2ThzDENeEPtsSsRAakgPkfEjUbNdL2YktzZEwcH1RrhfTKo32rRRYHos 8tTE6hvYbAkJImzNMR3CVIdFWxGIKCgt1guNS0K1aK9sMaDD0OhQIigWkZOnTrAk5jFrkFBBq+Qa 0wBLAoE+Ms+3EbY5V6FLSJdd9USM0zQWGXGQoLwYIKukuIBOmx9gmMelBMLRGTDsC6J3oktYYBnG 6/DUp6BTNeRgctaWWIoy4UOqGC0ZAGM5CdHvdJAatSaY9e3rURMgvyZJGbRQZUboKCodd7Zl+vya vyPZK41bwEZ9xvkBscQxoCCBrshQrNB5EfHslPDCxLXQOBj+tfzIJB9oNVR1KhI9jxDmcO1eBQbT 0NccYbISuaVYtW78fKWd6bV/GR4O5qC2MBtnAvUcmAe5ehmD+jUDYvd351Z6Bnhjm41tLatat0c1 
bUh3p2JoEY0ym6S8+AaG0zuPAD0D4IFAzRWANvOpzVzeZ6w8Shidy2aWmNZQ4XIcJvKu6uO+BZvi U8u/0y+q1QogKJNo7OwxBlXkGNJEtpouPKdIujmPS4Yr914sc3cDTb3XIS1MRDOsfL3nGHKSWCec AZDdTnK0FgNVGkhsAYb45DzlxVILBeMI8xdWSgOL+rwums6DnZIArmylAcg6sJzMCOADLGZke4im ndZCs1ptMmdzz0mzm/Iup1XgVa8YSC6BL+PbXwN8MJgiIyrHB0BmOXzptIUnRMWlt6VMuvbYEVBo KsRCRN7R55HcN8ANrDMAMsdzJC68MAMiBXb79KHyjqNiN+ms2GDeT4AysHz5mhEPKPAbMTmBAwNw uJsORwJsZnOYGt5b34l/BzjZB7pBUx9cX2D7Q1Y7WQlRINtt0C9h6rrCN45oUnZWTUoOVUKE3XA1 aRhcaxluJYmAXDVqMrDDsIGNpeRLtODoLiNZYWlx3+g+1HinrvyjjVVLkDgEC0jMoETQgY9et1QY mzfeFxEvs3G7vpOIq5VFaKFhiTIxZZFKy5yoJBU9TETUasrRwoTKFp/a10TYjijsLT+qjJrMdmkY wCpxmA00dQmPOE2gVjveHhtgS25+ozJHOyZfz7CqzG7OD9iXjyLcihgZm5HE1PzHA4gFeWL5wVrj Qj5ax34nAsKyszIWzHEi5HJ6fkd1gQU7oaeqJb/lzDtoZ3vlVYXHAKl1oTKpcJnDouR+cr4NTRmO FzlTLIvAHGiy2mFRCJUSMWNhHAJljDdd1ZVMtJFW7QC+xbxupsKzYSqLmLkE8KXX1vFiBUYkleMK zO4ietFUGss3m0hdYt5bMgu+BWMSKQoaYAbJXki6oYifcHmbj0AHc9XyNmV198DF6slrHBiQtpGf YWGZCuwkrbTvqOTW7yuHIeLV0jvdYRLyBWTMt4B6gDnlgaXaJbimp6J2FTFGxlas5i+5lxERpZeO SjuqFreFRtZbCI6ae0vLiCcqL32b7sD6y7lzbDynw2I0591LqzMFd1iKWJlIrADl0SuQWuearWJu IE32texgf6fxevxS7fcYdeWRGqgMZIt0qSBDTbwOH0C41vaoB4Yu9NASHj6z5G0GfFHt9eB5WxtN Nj/YY+9+1/9Xzt9pkOpknDa+5ZX/wrjXo+FxgJSf+E4ql0UoOGwj4RAorrvAnEz7KQp88XyPWjhW LZWnyLCm6paDftOD1kB7eG5FLy+3+hBF5FS01or0b72U3bbcbCCDGJofcTFZviSglwF6wiv+YkI5 MlNDQNntDghi64SUIPO0l3SEB9LXcoXeqFWKwvUQWQ1Ij9KVkXqGDVEQk5g9DkBsk6YKImTMF7AC 0wtUt8BaJB5RNgtmEzOswAP7PrpZ9D5xWv4LuC9IDv3Ys2LmJ8zhNB+xfcUml957UmF8PxbadLxi 4Zh9Li4vO5JdepCsXcIHJFfhmg4FWIMknFm9QHE8RAR+HJURKQUlxm0ejPlAPnt2/7HlmeJn+6oX 0O82OvMyBxeYb+FD6F5+FiA9nEwLS8n5r+H/HFGGZe5D8thX9BsjE9O49PUj61d6ADkwZig8GAXy qb4IGHKMn8RoNfAfL3nI7Toe/d9d3uJGoHM3htBZElI2GRkWWmU8yTQJnRbQ18m2cUmA0+T58Iig fzGx8MrGN4MkKKLkLONEGIhRvzCDqqFABqJ+T+ecClaMH6PIhGYFrhjIZD8H6nNCIIgeoklxHK19 67CkHZ1wE/I7PKkSoiVueo9hCtXATLAJpyHTqDFlELmq0dTlyD1FDAvLS36a+OQ1Xi/LNSZANia5 aSfGqRTpaqvJB9axXwnxJNCm6/hEVF5GL7Lx6mUoyKmjDaVIapQuaiSMpA6C3Tdb6cnOhCHrMC/n 
XSjx6jjnIq1xrM/eJhfxXwPssdDT0FWgmyW43jJe/AhyQHIGi+FvLTEftdEIPyMYyrXI19xv8sae ODU7EQvJbL+TN6ObzZ2DfoN64wr8BOhjdViQFATCuUAYGg9ZfXTTCabwKUQVTGyBByUkBozqO4Os TBo0SY4l08T6KadNddyE2Tctf7oR8HLQxm1oVRI3rIQaPUMxQtebq0JHcN7rI84HM6Hq7yUjtRvP s8zrvKDniSNpoxXmBmk1r9qO89Ie0XaLAXTqRzKTqWeDvlQQ1tNxnNPqMD2jFqv+2Y6NUvqUvaIZ LyMTHod55HWesiQ2aNVHojYX6M8SKZ6yimRLMYygbEiguxNHOn9LFxa7SZUZnyIDz5G1QzMHDtP5 y7QQ1SPb1OyBeGg7VPrDswWWuSE24EU2+5gZMzdyXrslgK9gXPchrGYrEMexBPXAndw2vCpK/Ccp HU0R5YePSnA2BgzJMzL1z1GMl/dgqINhRkcBs8z98C8Wp8PBV7jeu70orkbiIZoOblhxEGR5m86G zuZh2xFWDI7xVBKDUnAlAGCDLoVmCvqKoSAKUaIz56rhUGqPtwQGirBD0Yk3dYOIuZzW0zK0OKJJ 2YTlE+iR6jBEqjam3jCMVl8AMmFeVad7TSKKwKZW1pYI7Lio7f9YLFpsuTfex84ORXrdfj+I4olU /duMjW4hNRqJalNtS5in/g5BBQO1cqi89dVIHWjp6PkJr+yxMsGVqCwcQWNKqoQUiygveMKSC6bX 1AYy4SO4YgjAMCDsRKMKq6AqMkkyGTDAWodYFp4H2dDu8RLIKEDw8EUxY0GMleVGamfNe5SD1L6j mUHSFa2CsTGLCPbnVbAJPMEmRFspMgj9YwxBNFOPRfqw1DT5AU6DwU841o+y5axcRzYNnVzoZ9Rv t76eeg0BZFQqg4MWHMJeU8u080iYEhA02qpdPuRfqy60fnO0svtJh54hejifnPetksAF4z8WPidx ouCPvPXrtSEuY2I2GwzGR5AlaBtjbb0wlCaTbTAY0ggGtDAlNHvhJFATQM4uBkUVsrRLJVgBi45A BrqwTplKZWyGhIqiiUsUwnIS1TGVei5ozES8dgbkfhA0L75JKwwSBlWCGGGTssQAmpxBnpwxYdcW JJNfIZTU2/oUIKRV0Pc9iY4DzAEUlXJonGQ2gF2OfbnThGIUe8dEMbabA5JLDAoJvYDT9n5fEryF xeqMLhVaMPs0IJFctQuZmyhfmFnbbberOjvqitaFElMyRDciIhuEqmK4EBsGI6MNSDKhKfSo489t 68QBq4zOwnvzKkoo9RFiZBje0ZBMFBMe8kiRqAoBTjGy1bt9yJC9sKo5xSBKhDuFCGKQhEhUpesA wGlxNEadw9gO7DZshZXoxPPI+ECR8f3HpAIMC9o35foRl2Wvpu4kFqDcE3shajBmZHSiDRMxBGsq jldIC+NQKcS6jeBqlUAe3n0L14FiOg07dXH+r9+qJHoT9nZduQycoY41F4bpLUEX0IoGCxwDnUGG Jpjo3yUpcWSC4oVg3y6Ga3lV9Zkgch8QC4qLhnKqAxUqcyoqXV3Jaq0ckUD7T8wYK4QWH2jo5L2X AFpsIoXM+JnzqZwrZ2KjqWOEz2o+QBFP7+ToAkG4gX4GYHarSOpsntDMA8TIofE1OKtyIdKBDJT/ xdyRThQkBo1Y6wA= --===============4863297093750538758==--