List: Commits
From:Harin Vadodaria Date:December 13 2012 4:54am
Subject:bzr push into mysql-trunk branch (harin.vadodaria:5230 to 5231) Bug#15965288
 5231 Harin Vadodaria	2012-12-13 [merge]
      Bug#15965288: BUFFER OVERFLOW IN YASSL FUNCTION
                    DOPROCESSREPLY()
      
      Description: Merge from 5.6 to trunk.

    modified:
      extra/yassl/src/handshake.cpp
 5230 Sunny Bains	2012-12-13 [merge]
      Merge from mysql-5.6 to mysql-trunk.

    modified:
      storage/innobase/lock/lock0lock.cc
=== modified file 'extra/yassl/src/handshake.cpp'
--- a/extra/yassl/src/handshake.cpp	2012-11-06 14:16:49 +0000
+++ b/extra/yassl/src/handshake.cpp	2012-12-13 04:53:33 +0000
@@ -762,8 +762,14 @@ int DoProcessReply(SSL& ssl)
 
         while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
             // each message in record, can be more than 1 if not encrypted
-            if (ssl.getSecurity().get_parms().pending_ == false) // cipher on
+            if (ssl.getSecurity().get_parms().pending_ == false) { // cipher on
+                // sanity check for malicious/corrupted/illegal input
+                if (buffer.get_remaining() < hdr.length_) {
+                    ssl.SetError(bad_input);
+                    return 0;
+                }
                 decrypt_message(ssl, buffer, hdr.length_);
+            }
                 
             mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_));
             if (!msg.get()) {
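
Review bot: the new `buffer.get_remaining() < hdr.length_` check sits inside the `pending_ == false` branch, so it only guards the encrypted path; when `pending_` is true the loop still proceeds to `mf.CreateObject(hdr.type_)` with no comparable length comparison in the lines shown. If the unencrypted path is covered by a check elsewhere, note that in the comment; otherwise consider moving the check ahead of the `if` so both branches get it. The comment would also help more if it said what is being protected, namely that `decrypt_message` is handed the header field `hdr.length_` as the number of bytes to process. The push lists only `extra/yassl/src/handshake.cpp` as modified, so a regression test that feeds a record whose declared length exceeds the received data would be worth adding alongside the fix.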

No bundle (reason: useless for push emails).