-rw-r--r-- | mysql-test/r/connect_debug.result | 8 | ||||
-rw-r--r-- | mysql-test/t/connect_debug.test | 15 | ||||
-rw-r--r-- | sql-common/client.c | 5 | ||||
-rw-r--r-- | sql/sql_acl.cc | 1 |
4 files changed, 28 insertions, 1 deletions
diff --git a/mysql-test/r/connect_debug.result b/mysql-test/r/connect_debug.result
index 3151166a0e6..c455363eb41 100644
--- a/mysql-test/r/connect_debug.result
+++ b/mysql-test/r/connect_debug.result
@@ -8,3 +8,11 @@ create user 'bad' identified by 'worse';
 ERROR 2059 (HY000): Authentication plugin 'foo/bar' cannot be loaded: invalid plugin name
 set global debug_dbug=@old_dbug;
 drop user bad;
+set global debug_dbug='+d,increase_srv_handshake_scramble_len';
+connect(localhost,root,,test,MASTER_MYPORT,MYSQL_TMP_DIR/mysqld.1.sock);
+ERROR HY000: Malformed packet
+set global debug_dbug=@old_dbug;
+set global debug_dbug='+d,poison_srv_handshake_scramble_len';
+connect(localhost,root,,test,MASTER_MYPORT,MYSQL_TMP_DIR/mysqld.1.sock);
+ERROR HY000: Malformed packet
+set global debug_dbug=@old_dbug;
diff --git a/mysql-test/t/connect_debug.test b/mysql-test/t/connect_debug.test
index 7a2f2872b79..de7a292ce67 100644
--- a/mysql-test/t/connect_debug.test
+++ b/mysql-test/t/connect_debug.test
@@ -21,3 +21,18 @@ create user 'bad' identified by 'worse';
 --exec $MYSQL --default-auth=mysql_old_password --user=bad --password=worse 2>&1
 set global debug_dbug=@old_dbug;
 drop user bad;
+
+#
+# Bug#29630767 - USE OF UNINITIALIZED VALUE IN LIBMYSQL (CLIENT.CC FUNCTION RUN_PLUGIN_AUTH)
+#
+set global debug_dbug='+d,increase_srv_handshake_scramble_len';
+--replace_result $MYSQL_TMP_DIR MYSQL_TMP_DIR $MASTER_MYPORT MASTER_MYPORT
+--error 2027
+connect con1,localhost,root;
+set global debug_dbug=@old_dbug;
+
+set global debug_dbug='+d,poison_srv_handshake_scramble_len';
+--replace_result $MYSQL_TMP_DIR MYSQL_TMP_DIR $MASTER_MYPORT MASTER_MYPORT
+--error 2027
+connect con2,localhost,root;
+set global debug_dbug=@old_dbug;
diff --git a/sql-common/client.c b/sql-common/client.c
index f535b5119b7..c7fb70fbeef 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -3538,7 +3538,10 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
 scramble_data_len= pkt_scramble_len;
 scramble_plugin= scramble_data + scramble_data_len;
 if (scramble_data + scramble_data_len > pkt_end)
- scramble_data_len= pkt_end - scramble_data;
+ {
+ set_mysql_error(mysql, CR_MALFORMED_PACKET, unknown_sqlstate);
+ goto error;
+ }
 }
 else
 {
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 8670f5b390d..ac1adf9e58b 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -8178,6 +8178,7 @@ static bool send_server_handshake_packet(MPVIO_EXT *mpvio,
 int2store(end+5, thd->client_capabilities >> 16);
 end[7]= data_len;
 DBUG_EXECUTE_IF("poison_srv_handshake_scramble_len", end[7]= -100;);
+ DBUG_EXECUTE_IF("increase_srv_handshake_scramble_len", end[7]= 50;);
 bzero(end + 8, 10);
 end+= 18;
 /* write scramble tail */
|
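Review bot: The bounds test guarding the new error branch is still `scramble_data + scramble_data_len > pkt_end`, which forms a pointer past the end of the received packet before comparing it, and `scramble_plugin` is assigned from the same sum one line earlier. Comparing lengths keeps the arithmetic inside the buffer: `if (scramble_data_len > pkt_end - scramble_data)`, with the `scramble_plugin=` assignment moved below the check so it is only computed for an accepted length. The test also lets `scramble_plugin == pkt_end` through, so the code that reads the plugin name afterwards has to tolerate an empty remainder. That code, the declarations of `pkt_scramble_len` and `scramble_data_len`, and the `error` label are all outside the hunk and should be checked against this.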
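Review bot: The added injection point `end[7]= 50;` uses a bare constant with no comment saying why 50 yields an invalid handshake. It presumably works only because the scramble actually written after this header is shorter than 50 bytes, so a later change to the scramble size could turn the test into a silent pass-through. I would add a comment above the two DBUG_EXECUTE_IF lines, e.g. `/* test hooks: advertise a scramble length larger than the data that follows; the client must fail with CR_MALFORMED_PACKET */`. The body of send_server_handshake_packet starts and ends outside the hunk, so the relation between `data_len` and the bytes sent is inferred here.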