Below is the list of changes that have just been committed into a local
5.1 repository of serg. When serg does a push these changes
will be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2008-01-11 12:34:12+01:00, serg@stripped +4 -0
Bug#33814 - yassl problems
BitKeeper/etc/ignore@stripped, 2008-01-11 12:34:07+01:00, serg@stripped +1 -0
Added libmysqld/sql_profile.cc to the ignore list
extra/yassl/src/handshake.cpp@stripped, 2008-01-11 12:34:07+01:00, serg@stripped +5 -0
Bug#33814 - yassl problems
extra/yassl/src/template_instnt.cpp@stripped, 2008-01-11 12:34:07+01:00, serg@stripped +3 -2
new template instantiation
extra/yassl/src/yassl_imp.cpp@stripped, 2008-01-11 12:34:07+01:00, serg@stripped +10 -1
Bug#33814 - yassl problems
diff -Nrup a/BitKeeper/etc/ignore b/BitKeeper/etc/ignore
--- a/BitKeeper/etc/ignore 2007-12-13 12:49:43 +01:00
+++ b/BitKeeper/etc/ignore 2008-01-11 12:34:07 +01:00
@@ -3012,3 +3012,4 @@ win/vs8cache.txt
ylwrap
zlib/*.ds?
zlib/*.vcproj
+libmysqld/sql_profile.cc
diff -Nrup a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
--- a/extra/yassl/src/handshake.cpp 2007-08-28 09:57:52 +02:00
+++ b/extra/yassl/src/handshake.cpp 2008-01-11 12:34:07 +01:00
@@ -527,6 +527,11 @@ void ProcessOldClientHello(input_buffer&
input.read(len, sizeof(len));
uint16 randomLen;
ato16(len, randomLen);
+ if (ch.suite_len_ > MAX_SUITE_SZ || sessionLen > ID_LEN ||
+ randomLen > RAN_LEN) {
+ ssl.SetError(bad_input);
+ return;
+ }
int j = 0;
for (uint16 i = 0; i < ch.suite_len_; i += 3) {
diff -Nrup a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp
--- a/extra/yassl/src/template_instnt.cpp 2007-01-29 17:54:36 +01:00
+++ b/extra/yassl/src/template_instnt.cpp 2008-01-11 12:34:07 +01:00
@@ -101,8 +101,9 @@ template void ysArrayDelete<unsigned cha
template void ysArrayDelete<char>(char*);
template int min<int>(int, int);
-template unsigned int min<unsigned int>(unsigned int, unsigned int);
-template unsigned long min<unsigned long>(unsigned long, unsigned long);
+template uint16 min<uint16>(uint16, uint16);
+template uint min<uint>(uint, uint);
+template size_t min<size_t>(size_t, size_t);
}
#endif // HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
diff -Nrup a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
--- a/extra/yassl/src/yassl_imp.cpp 2007-01-29 17:54:36 +01:00
+++ b/extra/yassl/src/yassl_imp.cpp 2008-01-11 12:34:07 +01:00
@@ -621,6 +621,10 @@ void HandShakeHeader::Process(input_buff
}
uint len = c24to32(length_);
+ if (len > input.get_remaining()) {
+ ssl.SetError(bad_input);
+ return;
+ }
hashHandShake(ssl, input, len);
hs->set_length(len);
@@ -1391,10 +1395,15 @@ input_buffer& operator>>(input_buffer& i
// Suites
byte tmp[2];
+ uint16 len;
tmp[0] = input[AUTO];
tmp[1] = input[AUTO];
- ato16(tmp, hello.suite_len_);
+ ato16(tmp, len);
+
+ hello.suite_len_ = min(len, static_cast<uint16>(MAX_SUITE_SZ));
input.read(hello.cipher_suites_, hello.suite_len_);
+ if (len > hello.suite_len_) // ignore extra suites
+ input.set_current(input.get_current() + len - hello.suite_len_);
// Compression
hello.comp_len_ = input[AUTO];
| Thread |
|---|
| • bk commit into 5.1 tree (serg:1.2504) BUG#33814 | Sergei Golubchik | 11 Jan |
