From: Alexander Barkov Date: February 11 2011 1:08pm Subject: bzr commit into mysql-5.1 branch (alexander.barkov:3571) Bug#58036 List-Archive: http://lists.mysql.com/commits/131124 X-Bug: 58036 Message-Id: <201102111308.p1BD8KVD006224@bar.myoffice.izhnet.ru> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1992587767087813246==" --===============1992587767087813246== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/bar/mysql-bzr/mysql-5.1.b58036v3/ based on revid:alfranio.correia@stripped 3571 Alexander Barkov 2011-02-11 Bug#58036 client utf32, utf16, ucs2 should be disallowed, they crash server A separate fix for 5.1 (as 5.1 and 5.5 have seriously diverged in the related pieces of the code). A patch for 5.5 was approved earlier. Problem: ucs2 was correctly disallowed in "SET NAMES" only, while mysql_real_connect() and mysql_change_user() still allowed ucs2, which made the server crash. Fix: disallow ucs2 in mysql_real_connect() and mysql_change_user(). @ sql/sql_priv.h - changing return type for thd_init_client_charset() to bool, to return errors to the caller @ sql/sql_connect.cc - thd_client_charset_init: in case of unsupported client character set send error and return true; in case of success return false - check_connection: Return error if character set initialization failed @ sql/sql_parse.cc - check charset at the very beginning of the CMD_CHANGE_USER handling code modified: sql/mysql_priv.h sql/sql_connect.cc sql/sql_parse.cc tests/mysql_client_test.c === modified file 'sql/mysql_priv.h' --- a/sql/mysql_priv.h 2011-01-26 07:32:41 +0000 +++ b/sql/mysql_priv.h 2011-02-11 13:02:52 +0000 
@@ -1019,7 +1019,7 @@ void reset_mqh(LEX_USER *lu, bool get_th bool check_mqh(THD *thd, uint check_command); void time_out_user_resource_limits(THD *thd, USER_CONN *uc); void decrease_user_connections(USER_CONN *uc); -void thd_init_client_charset(THD *thd, uint cs_number); +bool thd_init_client_charset(THD *thd, uint cs_number); bool setup_connection_thread_globals(THD *thd); int mysql_create_db(THD *thd, char *db, HA_CREATE_INFO *create, bool silent); === modified file 'sql/sql_connect.cc' --- a/sql/sql_connect.cc 2010-11-11 07:34:14 +0000 +++ b/sql/sql_connect.cc 2011-02-11 13:02:52 +0000 @@ -582,8 +582,23 @@ void reset_mqh(LEX_USER *lu, bool get_th } -void thd_init_client_charset(THD *thd, uint cs_number) +/** + Set thread character set variables from the given ID + + @param thd thread handle + @param cs_number character set and collation ID + + @retval 0 OK; character_set_client, collation_connection and + character_set_results are set to the new value, + or to the default global values. + + @retval 1 error, e.g. the given ID is not supported by parser. + Corresponding SQL error is sent. +*/ + +bool thd_init_client_charset(THD *thd, uint cs_number) { + CHARSET_INFO *cs; /* Use server character set and collation if - opt_character_set_client_handshake is not set @@ -592,10 +607,10 @@ void thd_init_client_charset(THD *thd, u - client character set doesn't exists in server */ if (!opt_character_set_client_handshake || - !(thd->variables.character_set_client= get_charset(cs_number, MYF(0))) || + !(cs= get_charset(cs_number, MYF(0))) || !my_strcasecmp(&my_charset_latin1, global_system_variables.character_set_client->name, - thd->variables.character_set_client->name)) + cs->name)) { thd->variables.character_set_client= global_system_variables.character_set_client; 
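Review bot: The fallback branch whose condition is edited in the `@@ -592,10 +607,10 @@` hunk still installs `global_system_variables.character_set_client` with no `mbminlen` test. It is also the branch taken when the client's requested name equals the global one, so the rejection added in the `else` branch never sees that case. Whether the global default can ever be a charset with `mbminlen > 1` is not visible in this diff; if it can, thd_init_client_charset() returns false with a client charset the parser does not support. Either test the charset that is finally selected, or record the invariant next to the fallback assignment, e.g. `/* global character_set_client is guaranteed parser-safe (mbminlen == 1) */`. The function body starts in the previous hunk and continues in the next one.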
@@ -606,10 +621,18 @@ void thd_init_client_charset(THD *thd, u } else { + if (cs->mbminlen > 1) + { + /* Disallow non-supported parser character sets: UCS2, UTF16, UTF32 */ + my_error(ER_WRONG_VALUE_FOR_VAR, MYF(0), "character_set_client", + cs->csname); + return true; + } thd->variables.character_set_results= thd->variables.collation_connection= - thd->variables.character_set_client; + thd->variables.character_set_client= cs; } + return false; } @@ -782,7 +805,8 @@ static int check_connection(THD *thd) thd->client_capabilities|= ((ulong) uint2korr(net->read_pos+2)) << 16; thd->max_client_packet_length= uint4korr(net->read_pos+4); DBUG_PRINT("info", ("client_character_set: %d", (uint) net->read_pos[8])); - thd_init_client_charset(thd, (uint) net->read_pos[8]); + if (thd_init_client_charset(thd, (uint) net->read_pos[8])) + return 1; thd->update_charset(); end= (char*) net->read_pos+32; } === modified file 'sql/sql_parse.cc' --- a/sql/sql_parse.cc 2011-01-26 07:32:41 +0000 +++ b/sql/sql_parse.cc 2011-02-11 13:02:52 +0000 @@ -1153,13 +1153,22 @@ bool dispatch_command(enum enum_server_c if (ptr < packet_end) { + CHARSET_INFO *cs; if (ptr + 2 > packet_end) { my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0)); break; } - cs_number= uint2korr(ptr); + if ((cs_number= uint2korr(ptr)) && + (cs= get_charset(cs_number, MYF(0))) && + (cs->mbminlen > 1)) + { + /* Disallow non-supported parser character sets: UCS2, UTF16, UTF32 */ + my_error(ER_WRONG_VALUE_FOR_VAR, MYF(0), "character_set_client", + cs->csname); + break; + } } /* Convert database name to utf8 */ @@ -1205,7 +1214,11 @@ bool dispatch_command(enum enum_server_c if (cs_number) { - thd_init_client_charset(thd, cs_number); + /* + We have checked charset earlier, + so thd_init_client_charset cannot fail. + */ + DBUG_ASSERT(!thd_init_client_charset(thd, cs_number)); thd->update_charset(); } } === modified file 'tests/mysql_client_test.c' --- a/tests/mysql_client_test.c 2010-12-28 23:47:05 +0000 
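Review bot: The `cs->mbminlen > 1` test and its `my_error(ER_WRONG_VALUE_FOR_VAR, MYF(0), "character_set_client", cs->csname)` call are written out twice: in the `else` branch of thd_init_client_charset() in this hunk, and in the `@@ -1153,13 +1153,22 @@` hunk of dispatch_command() in sql/sql_parse.cc. The two copies can drift apart if the set of parser-safe character sets changes. A shared predicate declared in sql/mysql_priv.h would keep both call sites in step, for example `inline bool parser_safe_charset(CHARSET_INFO *cs) { return cs->mbminlen == 1; }` (the name is only a suggestion). The rest of thd_init_client_charset() lies outside this hunk.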
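Review bot: In the `@@ -1205,7 +1214,11 @@` hunk the call `thd_init_client_charset(thd, cs_number)` has become the argument of `DBUG_ASSERT`, which expands to nothing when the server is built with DBUG_OFF. In a non-debug build the call therefore disappears, and COM_CHANGE_USER no longer applies the requested character set, although `thd->update_charset()` still runs on the old values. Keep the side effect outside the assertion, e.g. `bool cs_failed= thd_init_client_charset(thd, cs_number);` followed by `DBUG_ASSERT(!cs_failed);`, and keep the existing comment explaining why failure is not expected. The surrounding dispatch_command() code is outside the hunk, so it cannot be seen here whether a real error path is needed at this point.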
+++ b/tests/mysql_client_test.c 2011-02-11 13:02:52 +0000 @@ -18399,6 +18399,72 @@ static void test_bug47485() /* + Bug#58036 client utf32, utf16, ucs2 should be disallowed, they crash server +*/ +static void test_bug58036() +{ + MYSQL *conn; + DBUG_ENTER("test_bug47485"); + myheader("test_bug58036"); + + /* Part1: try to connect with ucs2 client character set */ + conn= mysql_client_init(NULL); + mysql_options(conn, MYSQL_SET_CHARSET_NAME, "ucs2"); + if (mysql_real_connect(conn, opt_host, opt_user, + opt_password, opt_db ? opt_db : "test", + opt_port, opt_unix_socket, 0)) + { + if (!opt_silent) + printf("mysql_real_connect() succeeded (failure expected)\n"); + mysql_close(conn); + DIE(); + } + + if (!opt_silent) + printf("Got mysql_real_connect() error (expected): %s (%d)\n", + mysql_error(conn), mysql_errno(conn)); + DIE_UNLESS(mysql_errno(conn) == ER_WRONG_VALUE_FOR_VAR); + mysql_close(conn); + + + /* + Part2: + - connect with latin1 + - then change client character set to ucs2 + - then try mysql_change_user() + */ + conn= mysql_client_init(NULL); + mysql_options(conn, MYSQL_SET_CHARSET_NAME, "latin1"); + if (!mysql_real_connect(conn, opt_host, opt_user, + opt_password, opt_db ? opt_db : "test", + opt_port, opt_unix_socket, 0)) + { + if (!opt_silent) + printf("mysql_real_connect() failed: %s (%d)\n", + mysql_error(conn), mysql_errno(conn)); + mysql_close(conn); + DIE(); + } + + mysql_options(conn, MYSQL_SET_CHARSET_NAME, "ucs2"); + if (!mysql_change_user(conn, opt_user, opt_password, NULL)) + { + if (!opt_silent) + printf("mysql_change_user() succedded, error expected!"); + mysql_close(conn); + DIE(); + } + + if (!opt_silent) + printf("Got mysql_change_user() error (expected): %s (%d)\n", + mysql_error(conn), mysql_errno(conn)); + mysql_close(conn); + + DBUG_VOID_RETURN; +} + + +/* Read and parse arguments and MySQL options from my.cnf */ 
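Review bot: Part 2 of test_bug58036() only checks that mysql_change_user() fails and never compares the error code, so an unrelated failure passes the test too, including a lost connection from the server crash this test is meant to catch. Add `DIE_UNLESS(mysql_errno(conn) == ER_WRONG_VALUE_FOR_VAR);` before the final `mysql_close(conn)`, as Part 1 already does. `DBUG_ENTER("test_bug47485")` is copied from the previous test and should read `DBUG_ENTER("test_bug58036");` so debug traces name the right function. The message `"mysql_change_user() succedded, error expected!"` has a typo and lacks the trailing `\n` the other messages carry.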
@@ -18724,6 +18790,7 @@ static struct my_tests_st my_tests[]= { { "test_bug42373", test_bug42373 }, { "test_bug54041", test_bug54041 }, { "test_bug47485", test_bug47485 }, + { "test_bug58036", test_bug58036 }, { 0, 0 } }; --===============1992587767087813246== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/alexander.barkov@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: alexander.barkov@stripped\ # 3kv79qzmft44wmqq # target_branch: file:///home/bar/mysql-bzr/mysql-5.1.b58036v3/ # testament_sha1: 0a0d9ff9c1ff8a55315e3befb13a1f8210f95fe1 # timestamp: 2011-02-11 16:08:20 +0300 # base_revision_id: alfranio.correia@stripped\ # tbrk92p7b691sy7v # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWaG++hoABkT/gFe6IgB7d/// /+//rr////5gDYfPDc6bcXWmlUgibSIhrI1QarQaoEqg2o4aJoRQ9Rp6nqZpPUaHlPSAaZMjRoAA AGj1NGgHqCURDE0NE9E0AhTynhTTbSEAMmgPUNAAAAOZNNDIAGIyDIAaYIGIBo00AGQNAAkRETQ0 RppkU9Nqeim0jGKaehPUG00jQ0yaADE2iNDmTTQyABiMgyAGmCBiAaNNABkDQAJIgg0mINARkINq MoxPSRmiDQ8moaBoANPKHiKIwACl6p3k9lZVgGthLYsZcclXO1MEPnHJIk6qCBwjO9e/L4ozVhNd 87KqmPiFBOVJaygI2sN20tUTQEZCiZNnAcW3oM1YVaXVrBbyRnZeEqQ7M1MxIkMhmnYmdXdcsJIj Dr0yZ67pKpkkOyXxw1S2s1tpAfXF6WS7KpQ9eoutvpm0aNnPYAANpCC0BHAxWNAbbXrGhYXYz/Mk JGJy0uCV1jeghZD0pdSdzvMkyW7Zf7fL5zuFDnB9gM4NttNjYK4zdlC19e3Hgy9srJl4IWty5wzS tS168dskvXfZXRp0xajFcRDLzBfdFB2QSGjUau+P2KgEEBE8YlMtAcLShAWZXTUz5VmhYErmNtuL czM7OLMHQTzsu6GFVZ2M/pxDfQzeYsbOwddfeW51SeteTmFFEZitn0wZF72vUah4u5mNkpFBC772 81yF1Jpao5xzE7pTKETQmVMZ8w0R+Jnfa7y9pbawGEQzF3ex+uuFEXoXUvfgLEFUJnemCcIX22AX br48pBqr3eszMcRLLcsbKByciwx1VlOTDXe5pAdgx3bu1OpMg0GUdPc6ABWr2zq16bsz4yDYNc7F wCiKTX+d6HWNxChAbUIrcjZBJk7jDCHHGXMdOvYMg9XUj5PFEGtoOxjH+K9AQSFewErbR2VUmv1m ihloHWdlCCPhk3GoLGueINMIownH7Le/vlcLgi5QNYMHAT8jsthSRUgNE3GBRgDxLnYdGz42oaOn ly3rIyBny4sZ0J8iZnNCj5DiThNq00yEQe2JMYqX2Jec5i+dIFAJenEXmQshuG9BUWDy5/Go8F2V 
iUA44o3G12OLXS89y62MNFSFUG5mZhilt8RB2pvyBI60uXLq9TiWF2m4OUMay5rQXdaW5SkgUZDU s4gcb5UMjoGOg5wONoSKwZAMB+FREgkqy4FA8XzyuYLkqnbOUKy48cE87itXBeji0gcYckdhAqK0 ZebmZzQSsUtcz2VGYObTRS6gtGslj9ThIGSpNgTKAN69pol+YxJQpWgMIO4LIgJXOqItpXArVzUj sfm8KApK1UgNkNomQFGLKt93wvviNNU8hsGyWlulgVCnv9UPdC/rrir8AkGzS/XQBrhimnqjLk5x 3kaNhUl4Eh6CVWhJGs4Fb2bnBNU5Fhrm0iltq2E797awRRt0SgjhYvAWnPWxEgPLhxKg+BeXnxLi 6a3mK8pDNpz24yhKKxkCgER1RcjIoapnWWVg5KMYlgnNfeQhmzTyKOtsyKkOUMx42WwE5xUvMjDF bUYKJAaRaMbYNRq2aQST9tNUJt2kZrsKCSHL0bDUs8TqTicCkExjbnONTZ5aF6Tdra+wvU2VlxkP hvqqkCXD3RM5GhJFRAp0Dax31mwNmhKAVHyR78DQR1HA9ImbDoO4bcsYTxZmJIFHVChguZf5nddh Uj0xIG7MsoKn1G9oXKXilkE56oPFAK85M6mVypR7cGrN4aR4Xk6elTUzUV11xV9ZbUxOA8CkSO4F nzixNi4FhwJGJ5TyMte7WY53qyZ8n2JMToRrJzgm15QIZD0Kx8CoujE1f9qKF5UZW8L6qalkD0eq U43mB4E26GuhYYWgoU0WzGR58WhiVTapDUaeq8EtbrvPGW6jzR68a7mGV7DANYx6tpyW2uzKKWSJ 0dUXJVteQL2zdwSKB7r2mkep+nPzI/PsoVm26LXA0Q2vAcBizh7Ac+Q3sh0dxdyXEhUD37J7Vth6 oTR7+auwMbbY35ld4qxZ4YhP3GD2GEfiqdCfVSBqFfd0eV2eMs+2nkYGRYer/gwhoMazvUMm5H4C mYL79oWD/AxVtq/ioq1wsAz2J8SNqr3y1HuOiFqgn26daKyizU+KgiOZMuhqsSp9divRsvZV0g8d VgaCKCRkvqU1btaQMI/fwA8XoD1ceNii9Qib1JRbCbXIjwiaQccJBy81AkOkagow4gasFCWVKqVE UhIifu5kShdA0Wia+eTVx2iPsMR9P1HSd4Z519Z34Oc8mZCWYyP6GZ6JZQn6Cjpew0oYLPgyzGFF 2sqFC43pbnmLaJWm0RFWyyihaVBki082lC0kUppHxO73lC5TWwZ+MM7re2+4yzBqMeOXEJntMTke 9jqUj3Lap3nvrQvtIbSRf3l50jk7z7SO5Ku8zcgiYH1FWPTl9nSvH4IqvLEiFDCE2DBRnf2RxxBS Z6BpYGkftI2Aanpzm4YeRc2s1aO1r8hMg0jZsowGAZcSm+tzgEACqLBLhGiAuBG5xCD8qBVCdU12 Dq9tp7tCC4toMGvWZUBkQmGnbjG47RFWS3EKBp7UWMvit9bNB2HX3B2m70WTIlOUePUeIwFaLAuJ key6xBeldQ4BI8hYPymzx2UkyEzETvOaMYzBjBr7dWy7E9H3OYm2YeXCR7ovaNZbXGPndHfJjrgG 8sAJqG8fHM7S07ZyqbuHEMT1eByFeGg7gxB2pYqizCtCzrOMBqGNRh35OcKl0IXAGK6bN+Pztvjw zxSVUGgfIc2ReWHDk3DtslywSUfCTsT7Zemq9TCjSYpcbTluN6UkNVHGAEAZFScWo+8niVzM+iRD gBCAoq1xxnaAlylJkcZHaHITIYqMYq2m/rfNnj15hDNCtL2sI1HDYQAl9LJKNBLHuGtQbi68FzCK OwDgdpoPAkc3HJHJdHacC2RgsWKqiJaT6RYC6FxOR+MO0LkcvGjfBHhwT7wUORkd5UYNad6hCJW7 
ygQLXwl5rLK71DkHuL1HGoMnDc8REqYeMdxFY4AMd5QqEjP7NdSiFC87ihEgWz4JA6LExraIe5GW drPh370D6/WSRdnDzrzOG98WLhkGDAOZIsdiosGTncllbdpxQVciHEMkdvZwjNLkwFUFVUdEXzkg 7URxUqJrFk4JGXopJ2g3A0lOlWra5ctLmtLM55qhLrMTtPGCz3GOI7dgeVg8QeBkliVxCQlWkyEn 4eyRsOFEagBhHfgOicD33AE0IyK4FXLQQAo5YZYFqLkqip2cs3rTwxkXAjAo+iCtS9ZNLouNwLOX 7Fz3mZlZYi5cgVvk+vGfe66G/sw7HnXN18PgOpZx05Kr06zHcs7ckSSyUyXT3hvCCxbztOTweDLW 1MWrWbIbwYMqJMATYurSUJkgckBZJ1ERM8jk0IHTYD4y4wPiXaKrAsZiawjQNg2gGhpsXck6+TSR O0+ZjsIHk5rJkZwtXaq8JjnmIaQ8xhYaFM6Sp0IoEhgPmxuKTBBJUCuovHmL/zMupDoyUTQMDd7i 7QCtLuUltvD+FWZLVWn1o9Zl7hp+oiazXmEqWJb5Aqz5llpOj5YAwtgOmTX2I49QWqKlRyo0obqR 4rV8p6VIM1VAF39lEjavpHxPrxSBbT2UXSZwUNZ1jgnDAGZky1OA4xND3na0paQcTFABVCaTJ4Vw qcxulic0NZx4N1LtF+sa1XJEV36Js1mrilGbAO3SiO5AZlIA3GlalqAwDFe3ZsvumhNYK9AMxcIH GMIZaQvAOZGeNVJdPieqLsq3kW2FCUHScNSCKqOlCyIq+dDTWigR2JyKBt0BOmQyWgG4NBgVTutV Co0YkmF4brMOU9FToM58weVttt7WRchkTEq1oSImZIkRU2EzONB18GZKYT1xiwldK6VbhZYh4dyC BtqR5iC0hE6BkDCgmPcKkyoVAoTqBWEXWIgLRphQWoUimEPthCGEqEVMitK3BGEFutG2aU8zFeoF 9iGsH9l5V4T4jpag3xsET/vaTDVBk8tg1MlVc03mhQvYOmRWlqX0FjzDXLgZpCv8uJIRXOzYbUdB FOhwm4W6Avi+Y0oUm1dZecum3JEXycw9qDi2YFEkEXDuPlVCO4Mr/SdwKSFQtXpzmRJrTQtaq4Ja HwK1GcRggDD8aiED6AWSrOg5XMyqKCWQ54GJixAkGIyDcaoYxHc4M7HoDFc1t2uCBnsUE+MMOgEx A80XBaEJW8+JJzUZLWr/F3JFOFCQob76Gg== --===============1992587767087813246==--