From: Sergey Vojtovich Date: June 3 2011 8:28am Subject: bzr push into mysql-5.1 branch (sergey.vojtovich:3634 to 3635) List-Archive: http://lists.mysql.com/commits/138630 Message-Id: <201106030828.p538SO7c009023@acsmt356.oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 3635 Sergey Vojtovich 2011-06-03 [merge] Merge. added: mysql-test/r/archive_debug.result mysql-test/t/archive_debug.test modified: storage/archive/azio.c storage/archive/ha_archive.cc 3634 Davi Arnaut 2011-05-30 Bug#12563279: REGRESSION IN HANDLING PRE-4.1 AUTHENTICATION PACKET The problem is that clients implementing the 4.0 version of the protocol (that is, mysql-4.0) do not null terminate a string at the end of the authentication packet. These clients denote the end of the string with the end of the packet. Although this goes against the documented (see MySQL Internals ClientServer Protocol wiki) description of the protocol, these old clients still need to be supported. The solution is to support the documented and actual behavior of the clients. If a client is using the pre-4.1 version of the protocol, the end of a string in the authentication packet can either be denoted with a null character or by the end of the packet. This restores backwards compatibility with old clients implementing either the documented or actual behavior. @ sql/password.c The scrambled message, as provided by the user, might not be properly null terminated. If this is the case, uninitialized memory past the end of the buffer could theoretically be accessed. To ensure that this is never the case, copy the scrambled message over to a null terminated auxiliar buffer. @ sql/sql_connect.cc Use different execution paths to read strings depending on the protocol being used. If version 4.0 of the protocol is used, end of string can be denoted with a NUL character or by the end of the packet. If there are not enough bytes left after the current position of the buffer to satisfy the current string, the string is considered to be empty. This is required because old clients do not send the password string field if the password is empty. modified: sql/password.c sql/sql_connect.cc === added file 'mysql-test/r/archive_debug.result' --- a/mysql-test/r/archive_debug.result 1970-01-01 00:00:00 +0000 +++ b/mysql-test/r/archive_debug.result 2011-05-18 10:01:43 +0000 @@ -0,0 +1,12 @@ +# +# BUG#12402794 - 60976: CRASH, VALGRIND WARNING AND MEMORY LEAK +# WITH PARTITIONED ARCHIVE TABLES +# +CREATE TABLE t1(a INT) ENGINE=ARCHIVE; +INSERT INTO t1 VALUES(1); +SET SESSION debug='d,simulate_archive_open_failure'; +CHECK TABLE t1; +Table Op Msg_type Msg_text +test.t1 check error Corrupt +SET SESSION debug=DEFAULT; +DROP TABLE t1; === added file 'mysql-test/t/archive_debug.test' --- a/mysql-test/t/archive_debug.test 1970-01-01 00:00:00 +0000 +++ b/mysql-test/t/archive_debug.test 2011-05-18 10:01:43 +0000 @@ -0,0 +1,13 @@ +--source include/have_archive.inc +--source include/have_debug.inc + +--echo # +--echo # BUG#12402794 - 60976: CRASH, VALGRIND WARNING AND MEMORY LEAK +--echo # WITH PARTITIONED ARCHIVE TABLES +--echo # +CREATE TABLE t1(a INT) ENGINE=ARCHIVE; +INSERT INTO t1 VALUES(1); +SET SESSION debug='d,simulate_archive_open_failure'; +CHECK TABLE t1; +SET SESSION debug=DEFAULT; +DROP TABLE t1; === modified file 'storage/archive/azio.c' --- a/storage/archive/azio.c 2009-11-17 12:14:27 +0000 +++ b/storage/archive/azio.c 2011-05-18 10:01:43 +0000 @@ -114,6 +114,15 @@ int az_open (azio_stream *s, const char errno = 0; s->file = fd < 0 ? my_open(path, Flags, MYF(0)) : fd; + DBUG_EXECUTE_IF("simulate_archive_open_failure", + { + if (s->file >= 0) + { + my_close(s->file, MYF(0)); + s->file= -1; + my_errno= EMFILE; + } + }); if (s->file < 0 ) { === modified file 'storage/archive/ha_archive.cc' --- a/storage/archive/ha_archive.cc 2011-05-06 08:03:02 +0000 +++ b/storage/archive/ha_archive.cc 2011-05-18 10:01:43 +0000 @@ -1586,11 +1586,12 @@ int ha_archive::check(THD* thd, HA_CHECK azflush(&(share->archive_write), Z_SYNC_FLUSH); pthread_mutex_unlock(&share->mutex); + if (init_archive_reader()) + DBUG_RETURN(HA_ADMIN_CORRUPT); /* Now we will rewind the archive file so that we are positioned at the start of the file. */ - init_archive_reader(); read_data_header(&archive); while (!(rc= get_row(&archive, table->record[0]))) count--; No bundle (reason: useless for push emails).