List:Commits« Previous MessageNext Message »
From:Georgi Kodinov Date:April 17 2009 4:20pm
Subject:bzr push into mysql-5.1-bugteam branch (joro:2865 to 2866)
View as plain text  
 2866 Georgi Kodinov	2009-04-17 [merge]
      merged bug 35087 to 5.1-bugteam

    modified:
      mysql-test/r/func_des_encrypt.result
      mysql-test/t/func_des_encrypt.test
      sql/item_strfunc.cc
      sql/item_strfunc.h
 2865 Sergey Glukhov	2009-04-17 [merge]
      5.0-bugteam->5.1-bugteam merge
     @ mysql-test/include/handler.inc
        5.0-bugteam->5.1-bugteam merge
     @ mysql-test/r/handler_innodb.result
        5.0-bugteam->5.1-bugteam merge
     @ mysql-test/r/handler_myisam.result
        5.0-bugteam->5.1-bugteam merge
     @ sql/sql_handler.cc
        5.0-bugteam->5.1-bugteam merge

    modified:
      mysql-test/include/handler.inc
      mysql-test/r/handler_innodb.result
      mysql-test/r/handler_myisam.result
      sql/sql_handler.cc
=== modified file 'mysql-test/r/func_des_encrypt.result'
--- a/mysql-test/r/func_des_encrypt.result	2005-07-07 18:49:44 +0000
+++ b/mysql-test/r/func_des_encrypt.result	2009-04-17 15:52:57 +0000
@@ -1,3 +1,37 @@
 select des_encrypt('hello');
 des_encrypt('hello')
 ��2nV��
+#
+# Bug #11643: des_encrypt() causes server to die
+#
+CREATE TABLE t1 (des VARBINARY(200) NOT NULL DEFAULT '') ENGINE=MyISAM;
+INSERT INTO t1 VALUES ('1234'), ('12345'), ('123456'), ('1234567');
+UPDATE t1 SET des=DES_ENCRYPT('1234');
+SELECT LENGTH(des) FROM t1;
+LENGTH(des)
+9
+9
+9
+9
+SELECT DES_DECRYPT(des) FROM t1;
+DES_DECRYPT(des)
+1234
+1234
+1234
+1234
+SELECT 
+LENGTH(DES_ENCRYPT('1234')), 
+LENGTH(DES_ENCRYPT('12345')), 
+LENGTH(DES_ENCRYPT('123456')), 
+LENGTH(DES_ENCRYPT('1234567'));
+LENGTH(DES_ENCRYPT('1234'))	LENGTH(DES_ENCRYPT('12345'))	LENGTH(DES_ENCRYPT('123456'))	LENGTH(DES_ENCRYPT('1234567'))
+9	9	9	9
+SELECT 
+DES_DECRYPT(DES_ENCRYPT('1234')), 
+DES_DECRYPT(DES_ENCRYPT('12345')), 
+DES_DECRYPT(DES_ENCRYPT('123456')), 
+DES_DECRYPT(DES_ENCRYPT('1234567'));
+DES_DECRYPT(DES_ENCRYPT('1234'))	DES_DECRYPT(DES_ENCRYPT('12345'))	DES_DECRYPT(DES_ENCRYPT('123456'))	DES_DECRYPT(DES_ENCRYPT('1234567'))
+1234	12345	123456	1234567
+DROP TABLE t1;
+End of 5.0 tests

=== modified file 'mysql-test/t/func_des_encrypt.test'
--- a/mysql-test/t/func_des_encrypt.test	2007-03-05 09:03:42 +0000
+++ b/mysql-test/t/func_des_encrypt.test	2009-04-17 15:52:57 +0000
@@ -9,3 +9,31 @@
 select des_encrypt('hello');
 
 # End of 4.1 tests
+
+--echo #
+--echo # Bug #11643: des_encrypt() causes server to die
+--echo #
+
+CREATE TABLE t1 (des VARBINARY(200) NOT NULL DEFAULT '') ENGINE=MyISAM;
+
+INSERT INTO t1 VALUES ('1234'), ('12345'), ('123456'), ('1234567');
+
+UPDATE t1 SET des=DES_ENCRYPT('1234');
+
+SELECT LENGTH(des) FROM t1;
+SELECT DES_DECRYPT(des) FROM t1;
+
+SELECT 
+ LENGTH(DES_ENCRYPT('1234')), 
+ LENGTH(DES_ENCRYPT('12345')), 
+ LENGTH(DES_ENCRYPT('123456')), 
+ LENGTH(DES_ENCRYPT('1234567'));
+SELECT 
+ DES_DECRYPT(DES_ENCRYPT('1234')), 
+ DES_DECRYPT(DES_ENCRYPT('12345')), 
+ DES_DECRYPT(DES_ENCRYPT('123456')), 
+ DES_DECRYPT(DES_ENCRYPT('1234567'));
+
+DROP TABLE t1;
+
+--Echo End of 5.0 tests

=== modified file 'sql/item_strfunc.cc'
--- a/sql/item_strfunc.cc	2009-03-24 13:58:52 +0000
+++ b/sql/item_strfunc.cc	2009-04-17 16:18:00 +0000
@@ -504,17 +504,21 @@ String *Item_func_des_encrypt::val_str(S
      string marking change of string length.
   */
 
-  tail=  (8-(res_length) % 8);			// 1..8 marking extra length
+  tail= 8 - (res_length % 8);                   // 1..8 marking extra length
   res_length+=tail;
+  tmp_arg.realloc(res_length);
+  tmp_arg.length(0);
+  tmp_arg.append(res->ptr(), res->length());
   code= ER_OUT_OF_RESOURCES;
-  if (tail && res->append(append_str, tail) || tmp_value.alloc(res_length+1))
+  if (tmp_arg.append(append_str, tail) || tmp_value.alloc(res_length+1))
     goto error;
-  (*res)[res_length-1]=tail;			// save extra length
+  tmp_arg[res_length-1]=tail;                   // save extra length
+  tmp_value.realloc(res_length+1);
   tmp_value.length(res_length+1);
   tmp_value[0]=(char) (128 | key_number);
   // Real encryption
   bzero((char*) &ivec,sizeof(ivec));
-  DES_ede3_cbc_encrypt((const uchar*) (res->ptr()),
+  DES_ede3_cbc_encrypt((const uchar*) (tmp_arg.ptr()),
 		       (uchar*) (tmp_value.ptr()+1),
 		       res_length,
 		       &keyschedule.ks1,

=== modified file 'sql/item_strfunc.h'
--- a/sql/item_strfunc.h	2009-02-13 16:41:47 +0000
+++ b/sql/item_strfunc.h	2009-04-17 16:18:00 +0000
@@ -293,13 +293,17 @@ public:
 
 class Item_func_des_encrypt :public Item_str_func
 {
-  String tmp_value;
+  String tmp_value,tmp_arg;
 public:
   Item_func_des_encrypt(Item *a) :Item_str_func(a) {}
   Item_func_des_encrypt(Item *a, Item *b): Item_str_func(a,b) {}
   String *val_str(String *);
   void fix_length_and_dec()
-  { maybe_null=1; max_length = args[0]->max_length+8; }
+  {
+    maybe_null=1;
+    /* 9 = MAX ((8- (arg_len % 8)) + 1) */
+    max_length = args[0]->max_length + 9;
+  }
   const char *func_name() const { return "des_encrypt"; }
 };
 
@@ -310,7 +314,12 @@ public:
   Item_func_des_decrypt(Item *a) :Item_str_func(a) {}
   Item_func_des_decrypt(Item *a, Item *b): Item_str_func(a,b) {}
   String *val_str(String *);
-  void fix_length_and_dec() { maybe_null=1; max_length = args[0]->max_length; }
+  void fix_length_and_dec()
+  {
+    maybe_null=1;
+    /* 9 = MAX ((8- (arg_len % 8)) + 1) */
+    max_length = args[0]->max_length - 9;
+  }
   const char *func_name() const { return "des_decrypt"; }
 };
 

Attachment: [text/bzr-bundle] bzr/joro@sun.com-20090417161800-h5dd1pxbpaeaq4zz.bundle
Thread
bzr push into mysql-5.1-bugteam branch (joro:2865 to 2866) Georgi Kodinov17 Apr