#At file:///home/thek/Development/cpp/mysqlbzr/mysql-6.0-bugteam/
2810 Kristofer Pettersson 2008-09-01
Bug#39153 Failing to lookup a host name can lead to crash in current IPv6 implementation
The reverse name lookup used to assure the server that the client is who it claims to be can
fail. When it does, it crashes because of an additional freeaddrinfo on an uninitialized
structure.
When a host name is added to the host name cache we do a memcpy on sockaddr_storage
structures but use the size of struct addrinfo. This also caused a crash.
modified:
sql/hostname.cc
per-file messages:
sql/hostname.cc
* Memcpy memory block size isn't sizeof(struct addrinfo) but
sizeof(struct sockaddr_storage). This caused a crash.
* Don't call freeaddrinfo if we failed to get a res_lst. (caused crash)
=== modified file 'sql/hostname.cc'
--- a/sql/hostname.cc 2008-07-08 16:01:41 +0000
+++ b/sql/hostname.cc 2008-09-01 10:11:50 +0000
@@ -94,7 +94,7 @@ static void add_hostname(struct sockaddr
if ((entry=(host_entry*) malloc(sizeof(host_entry)+length+1)))
{
char *new_name;
- memcpy_fixed(&entry->ip, in, sizeof(struct addrinfo));
+ memcpy_fixed(&entry->ip, in, sizeof(struct sockaddr_storage));
if (length)
memcpy(new_name= (char *) (entry+1), name, length+1);
else
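Review bot: In the memcpy_fixed line of add_hostname, the copy length is still spelled as a type name, which is the same pattern that let sizeof(struct addrinfo) slip in. Prefer sizeof(entry->ip) so the length always follows the destination field. Also confirm that every caller passes a full struct sockaddr_storage: the parameter type is truncated in the hunk header, and a shorter source object would be over-read by this copy.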
@@ -239,7 +239,6 @@ char *ip_to_hostname(struct sockaddr_sto
add_wrong_ip(in);
my_free(name,MYF(0));
- freeaddrinfo(res_lst);
DBUG_RETURN(0);
}
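Review bot: Dropping freeaddrinfo(res_lst) before DBUG_RETURN(0) is only correct if res_lst is never populated on any path into this block. The context lines do not show which call failed, and if getaddrinfo can have succeeded before this return, the list is now leaked. Initialising res_lst to NULL at its declaration and writing the cleanup as if (res_lst) freeaddrinfo(res_lst); would cover both the failed and the successful case. A short comment here stating why no free is needed would also help the next reader.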