Hello Dmitry!
* Dmitry Shulga <Dmitry.Shulga@stripped> [11/02/16 13:37]:
> #At file:///Users/shulga/projects/mysql/5.1-bugteam-bug56976/ based on
> revid:dao-gang.qu@stripped
>
> 3537 Dmitry Shulga 2011-02-16
> Fixed Bug#11764168 "56976: SEVERE DENIAL OF SERVICE IN PREPARED STATEMENTS".
>
> The problem was that server didn't check resulting size of prepared
> statement argument which was set using mysql_send_long_data() API.
> By calling mysql_send_long_data() several times it was possible
> to create overly big string and thus force server to allocate
> memory for it. There was no way to limit this allocation.
>
> The solution is to add check for size of result string against
> value of max_long_data_size start-up parameter. When intermediate
> string exceeds max_long_data_size value an appropriate error message
> is emitted.
>
> We can't use existing max_allowed_packet parameter for this purpose
> since its value is limited by 1GB and therefore using it as a limit
> for data set through mysql_send_long_data() API would have been an
> incompatible change. Newly introduced max_long_data_size parameter
> gets value from max_allowed_packet parameter unless its value is
> specified explicitly. This new parameter is marked as deprecated
> and will be eventually replaced by max_allowed_packet parameter.
I think it is OK to push this patch.
Thank you for working on this issue!!!
--
Dmitry Lenev, Software Developer
Oracle Development SPB/MySQL, www.mysql.com
Are you MySQL certified? http://www.mysql.com/certification
