From: Michael Widenius
Date: October 27 2000 8:37pm
Subject: Re: bug report: segfaults on large host,username,password,db fields
Hi!

>>>>> "Thimble" == Thimble Smith <tim@stripped> writes:

Thimble> On Wed, Oct 25, 2000 at 04:53:20PM -0700, ppowledge@stripped wrote:
>> >Description:
>> I get segfaults when I use large-ish values for hosts, username,
>> passwords, and db's in connects. I have not checked this with unix_socket.
>> >How-To-Repeat:
>> At terminal window, type "mysql -u root -p <X>" where <X> is about
>> 300 characters long. Enter password, then segfault.
>> I have also encountered this with mysql_real_connect(), and can
>> send you sample code if you want.
>> >Fix:
>> The workaround is simple: don't do it. :^) But what I'm really worried
>> about here is a DOS attack from a remote user.

Thimble> Since it's the client that's dumping core, there's no worry about a
Thimble> remote user (who must be running the client on her own machine)
Thimble> crashing the server through this problem.

Thimble> Still, it'd be nice to have this fixed.  Note: this still happens on
Thimble> the latest 3.23.

Thimble> Thanks for the report,

Thimble> Tim

Here is a patch for this:

===== libmysql/libmysql.c 1.41 vs edited =====
*** libmysql/libmysql.c-1.41	Mon Oct  9 23:10:40 2000
--- edited/libmysql/libmysql.c	Fri Oct 27 23:30:34 2000
***************
*** 1140,1146 ****
  		   const char *passwd, const char *db,
  		   uint port, const char *unix_socket,uint client_flag)
  {
!   char		buff[100],charset_name_buff[16],*end,*host_info, *charset_name;
    my_socket	sock;
    uint32	ip_addr;
    struct	sockaddr_in sock_addr;
--- 1140,1147 ----
  		   const char *passwd, const char *db,
  		   uint port, const char *unix_socket,uint client_flag)
  {
!   char		buff[NAME_LEN+100],charset_name_buff[16],*end,*host_info,
! 		*charset_name;
    my_socket	sock;
    uint32	ip_addr;
    struct	sockaddr_in sock_addr;
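Review bot: the new size NAME_LEN+100 for buff is not tied to the bounds later used to fill it (32 for user in the strmake call, NAME_LEN for db), so a future change to either limit, or to the fixed header and scramble bytes written ahead of them, can outgrow the buffer again without any warning. Suggest a comment beside the declaration recording the worst-case layout (5 header bytes, user, scramble, db, each with its terminator), or a compile-time check that the sum fits in sizeof(buff).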
***************
*** 1496,1502 ****
  
    int3store(buff+2,max_allowed_packet);
    if (user && user[0])
!     strmake(buff+5,user,32);
    else
      read_user_name((char*) buff+5);
  #ifdef _CUSTOMCONFIG_
--- 1497,1503 ----
  
    int3store(buff+2,max_allowed_packet);
    if (user && user[0])
!     strmake(buff+5,user,32);			/* Max user name */
    else
      read_user_name((char*) buff+5);
  #ifdef _CUSTOMCONFIG_
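Review bot: the only change in this hunk is the comment on strmake(buff+5,user,32); the else branch still calls read_user_name((char*) buff+5) with no length argument, so whether that path honours the same 32-byte limit is not visible here and should be confirmed, or a size passed. For the reporter's case it is also worth noting that a 300-character user name is now silently cut to its first 32 characters and sent as that name rather than rejected; failing the connect with an error when user is longer than the limit would be the safer behaviour.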
***************
*** 1507,1513 ****
  	       (my_bool) (mysql->protocol_version == 9));
    if (db && (mysql->server_capabilities & CLIENT_CONNECT_WITH_DB))
    {
!     end=strmov(end+1,db);
      mysql->db=my_strdup(db,MYF(MY_WME));
      db=0;
    }
--- 1508,1514 ----
  	       (my_bool) (mysql->protocol_version == 9));
    if (db && (mysql->server_capabilities & CLIENT_CONNECT_WITH_DB))
    {
!     end=strmake(end+1,db,NAME_LEN);
      mysql->db=my_strdup(db,MYF(MY_WME));
      db=0;
    }
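Review bot: end=strmake(end+1,db,NAME_LEN) truncates the database name sent to the server, but the next line mysql->db=my_strdup(db,MYF(MY_WME)) still stores the full, untruncated db, so for a name longer than NAME_LEN the client's record of the current database differs from what the server actually received. Either truncate consistently or return an error before the copy when strlen(db) > NAME_LEN.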

Regards,
Monty
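As an added illustration (not code from the patch or from libmysql), the following C models the buffer layout the diff touches and the strmake-style bounded copy it switches to, and checks the reported 300-character user name against the new buffer size. NAME_LEN, the scrambled-password length and the exact position of the scramble field are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN        64   /* assumed value of MySQL's NAME_LEN */
#define USERNAME_LEN    32   /* the bound the patch passes to strmake(buff+5,user,32) */
#define SCRAMBLE_LEN     8   /* assumed length of the old-style scrambled password */
#define CONNECT_BUF_LEN (NAME_LEN + 100)   /* buff size chosen by the patch */

/* strmake's contract: copy at most n chars, always NUL-terminate, return a
 * pointer to the terminator where the next field goes (the bound strmov lacks). */
static char *bounded_copy(char *dst, const char *src, size_t n)
{
    while (n-- && *src)
        *dst++ = *src++;
    *dst = '\0';
    return dst;
}

/* 1 if copying s under bound n drops characters: the truncation is silent. */
int field_truncated(const char *s, size_t n) { return strlen(s) > n; }

/* Lays out the fields the diff touches: 5 header bytes, user, scramble, db.
 * Returns bytes used, or 0 if the worst case would not fit in bufflen. */
size_t build_connect_fields(char *buff, size_t bufflen, const char *user,
                            const char *scramble, const char *db)
{
    size_t worst = 5 + (USERNAME_LEN + 1) + (SCRAMBLE_LEN + 1) + (NAME_LEN + 1);
    char *end;
    if (bufflen < worst)
        return 0;                   /* refuse rather than overflow */
    memset(buff, 0, 5);             /* client_flag (2) + max_allowed_packet (3) */
    end = bounded_copy(buff + 5, user, USERNAME_LEN);
    end = bounded_copy(end + 1, scramble, SCRAMBLE_LEN);
    end = bounded_copy(end + 1, db, NAME_LEN);
    return (size_t)(end - buff) + 1;
}

/* The reported case: a 300-character user name (constructed). Returns bytes used. */
size_t demo_long_user(void)
{
    char user[301], buff[CONNECT_BUF_LEN];
    memset(user, 'a', 300);
    user[300] = '\0';
    return build_connect_fields(buff, sizeof buff, user, "12345678", "test");
}

int main(void)
{
    printf("bytes used: %zu of %d\n", demo_long_user(), CONNECT_BUF_LEN);
    return 0;
}
```

The 300-character name now occupies 32 bytes plus its terminator instead of overrunning the 100-byte buffer, but field_truncated() shows the cost of the fix: the client sends a different user name than the one it was given.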