Below is the list of changes that have just been committed into a local
5.0 repository of tnurnberg. When tnurnberg does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2007-06-07 14:13:31+02:00, tnurnberg@stripped +5 -0
Bug#24924: shared-memory-base-name that is too long causes buffer overflow
Long shared-memory-base-names could overflow a static internal buffer
and thus crash mysqld and various clients. Change both to dynamic
buffers, and show that everything except overflowing those buffers still works.
mysql-test/r/windows_shm.result@stripped, 2007-06-07 14:13:30+02:00, tnurnberg@stripped +2 -0
Bug#24924: shared-memory-base-name that is too long causes buffer overflow
show that long shared-memory-base-names no longer break client or serve
mysql-test/r/windows_shm.result@stripped, 2007-06-07 14:13:30+02:00, tnurnberg@stripped +0 -0
mysql-test/t/windows_shm-master.opt@stripped, 2007-06-07 14:13:30+02:00, tnurnberg@stripped +1 -0
Bug#24924: shared-memory-base-name that is too long causes buffer overflow
show that long shared-memory-base-names no longer break client or server;
restart server to use SHM (and SHM only) to accomplish this.
mysql-test/t/windows_shm-master.opt@stripped, 2007-06-07 14:13:30+02:00, tnurnberg@stripped +0 -0
mysql-test/t/windows_shm.test@stripped, 2007-06-07 14:13:30+02:00, tnurnberg@stripped +9 -0
Bug#24924: shared-memory-base-name that is too long causes buffer overflow
show that long shared-memory-base-names no longer break client or serve
mysql-test/t/windows_shm.test@stripped, 2007-06-07 14:13:30+02:00, tnurnberg@stripped +0 -0
sql-common/client.c@stripped, 2007-06-07 14:13:30+02:00, tnurnberg@stripped +10 -1
Bug#24924: shared-memory-base-name that is too long causes buffer overflow
compose shared memory name in dynamic rather than static buffer to prevent
overflows (clients)
sql/mysqld.cc@stripped, 2007-06-07 14:13:30+02:00, tnurnberg@stripped +10 -1
Bug#24924: shared-memory-base-name that is too long causes buffer overflow
compose shared memory name in dynamic rather than static buffer to prevent
overflows (server)
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: tnurnberg
# Host: sin.intern.azundris.com
# Root: /home/tnurnberg/24924/50-24924
--- 1.613/sql/mysqld.cc 2007-06-05 23:04:33 +02:00
+++ 1.614/sql/mysqld.cc 2007-06-07 14:13:30 +02:00
@@ -4408,7 +4408,7 @@ pthread_handler_t handle_connections_sha
HANDLE event_connect_answer= 0;
ulong smem_buffer_length= shared_memory_buffer_length + 4;
ulong connect_number= 1;
- char tmp[63];
+ char *tmp= NULL;
char *suffix_pos;
char connect_number_char[22], *p;
const char *errmsg= 0;
@@ -4417,6 +4417,12 @@ pthread_handler_t handle_connections_sha
DBUG_ENTER("handle_connections_shared_memorys");
DBUG_PRINT("general",("Waiting for allocated shared memory."));
+ /*
+ get enough space base-name + '_' + longest suffix we might ever send
+ */
+ if (!(tmp= (char *)my_malloc(strlen(shared_memory_base_name) + 32L)))
+ goto error;
+
if (my_security_attr_create(&sa_event, &errmsg,
GENERIC_ALL, SYNCHRONIZE | EVENT_MODIFY_STATE))
goto error;
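Review bot: The added `my_malloc(strlen(shared_memory_base_name) + 32L)` passes only a size, and the matching `my_free(tmp)` in the `error:` hunk passes only the pointer. As far as I know both take a second `myf` flags argument in the 5.0 tree, so these calls would likely fail to compile in this Windows-specific code path. The same one-argument calls appear in both sql-common/client.c hunks. I would write `my_malloc(strlen(shared_memory_base_name) + 32L, MYF(0))` and `my_free(tmp, MYF(0))`, or confirm the prototypes in my_sys.h if they differ in this branch. The function body starts and ends outside the hunk.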
@@ -4604,6 +4610,9 @@ errorconn:
/* End shared memory handling */
error:
+ if (tmp)
+ my_free(tmp);
+
if (errmsg)
{
char buff[180];
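Review bot: The `error:` path appears to report a failure only when `errmsg` is non-null, and the new allocation-failure `goto error` earlier in the function leaves `errmsg` at 0, so an out-of-memory exit from the shared-memory handler would probably go unreported. Setting a message before the jump, for example `errmsg= "Could not allocate memory for shared memory name";` (wording constructed here), would keep the failure visible to the operator. The `if (errmsg)` block continues outside the hunk, so what it actually prints is not visible here.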
--- 1.113/sql-common/client.c 2007-05-24 20:51:35 +02:00
+++ 1.114/sql-common/client.c 2007-06-07 14:13:30 +02:00
@@ -402,7 +402,7 @@ HANDLE create_shared_memory(MYSQL *mysql
HANDLE handle_file_map = NULL;
ulong connect_number;
char connect_number_char[22], *p;
- char tmp[64];
+ char *tmp= NULL;
char *suffix_pos;
DWORD error_allow = 0;
DWORD error_code = 0;
@@ -410,6 +410,12 @@ HANDLE create_shared_memory(MYSQL *mysql
char *shared_memory_base_name = mysql->options.shared_memory_base_name;
/*
+ get enough space base-name + '_' + longest suffix we might ever send
+ */
+ if (!(tmp= (char *)my_malloc(strlen(shared_memory_base_name) + 32L)))
+ goto err;
+
+ /*
The name of event and file-mapping events create agree next rule:
shared_memory_base_name+unique_part
Where:
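Review bot: The `+ 32L` headroom in the new `my_malloc` call is a bare constant, and the overflow fix is only as good as that number, because the code that later writes into `tmp` (outside this hunk) is presumably still unbounded. `connect_number_char` is declared with 22 bytes, so a full-width number plus separators and a suffix could leave little or no margin. I would derive the size from its parts, e.g. `strlen(shared_memory_base_name) + sizeof(connect_number_char) + MAX_SUFFIX_LEN + 3`, where `MAX_SUFFIX_LEN` is a placeholder for a constant tied to the longest suffix literal, and expand the comment to list those parts. The same sizing is used in the sql/mysqld.cc hunk.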
@@ -551,6 +557,9 @@ err2:
CloseHandle(handle_file_map);
}
err:
+ if (tmp)
+ my_free(tmp);
+
if (error_allow)
error_code = GetLastError();
if (event_connect_request)
--- New file ---
+++ mysql-test/r/windows_shm.result 07/06/07 14:13:30
mysqld is alive
End of 5.0 tests.
--- New file ---
+++ mysql-test/t/windows_shm-master.opt 07/06/07 14:13:30
--skip-grant-tables --shared-memory-base-name=HeyMrBaseNameXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --shared-memory=1
--- New file ---
+++ mysql-test/t/windows_shm.test 07/06/07 14:13:30
# Windows-specific tests
--source include/windows.inc
#
# Bug #24924: shared-memory-base-name that is too long causes buffer overflow
#
--exec $MYSQLADMIN --no-defaults --shared-memory-base-name=HeyMrBaseNameXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ping
--echo End of 5.0 tests.