From e4090f813a36c21971dd584eea94e8e5a66d139e Mon Sep 17 00:00:00 2001
From: Alexander Barkov <alexander.barkov@oracle.com>
Date: Fri, 18 Feb 2011 16:12:36 +0300
Subject: Bug#11765108 (Bug#58036) client utf32, utf16, ucs2 should be
 disallowed, they crash server

A separate fix for 5.1 (as 5.1 and 5.5 have seriously
differged in the related pieces of the code).
A patch for 5.5 was approved earlier.

Problem: ucs2 was correctly disallowed in "SET NAMES" only,
while mysql_real_connect() and mysql_change_user() still allowed
to use ucs2, which made server crash.

Fix: disallow ucs2 in mysql_real_connect() and mysql_change_user().

  @ sql/sql_priv.h
    - changing return type for thd_init_client_charset() to bool,
      to return errors to the caller

  @ sql/sql_var.cc
    - using new function

  @ sql/sql_connect.cc
    - thd_client_charset_init:
      in case of unsupported client character set send error and return true;
      in case of success return false
    - check_connection:
      Return error if character set initialization failed

  @ sql/sql_parse.cc
    - check charset in the very beginnig of the CMD_CHANGE_USER handling code

  @ tests/mysql_client_test.c
    - adding tests
---
 sql/mysql_priv.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'sql/mysql_priv.h')

diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h
index 1838f0c924d..67631b265ab 100644
--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@@ -1019,7 +1019,11 @@ void reset_mqh(LEX_USER *lu, bool get_them);
 bool check_mqh(THD *thd, uint check_command);
 void time_out_user_resource_limits(THD *thd, USER_CONN *uc);
 void decrease_user_connections(USER_CONN *uc);
-void thd_init_client_charset(THD *thd, uint cs_number);
+bool thd_init_client_charset(THD *thd, uint cs_number);
+inline bool is_supported_parser_charset(CHARSET_INFO *cs)
+{
+  return test(cs->mbminlen == 1);
+}
 bool setup_connection_thread_globals(THD *thd);
 
 int mysql_create_db(THD *thd, char *db, HA_CREATE_INFO *create, bool silent);
-- 
cgit v1.2.1


From 0dd2750227345824982782377adeafd7d07a3709 Mon Sep 17 00:00:00 2001
From: Dmitry Shulga <Dmitry.Shulga@oracle.com>
Date: Tue, 15 Mar 2011 17:36:12 +0600
Subject: Fixed Bug#11764168 "56976: SEVERE DENIAL OF SERVICE IN PREPARED
 STATEMENTS".

The problem was that server didn't check resulting size of prepared
statement argument which was set using mysql_send_long_data() API.
By calling mysql_send_long_data() several times it was possible
to create overly big string and thus force server to allocate
memory for it. There was no way to limit this allocation.

The solution is to add check for size of result string against
value of max_long_data_size start-up parameter. When intermediate
string exceeds max_long_data_size value an appropriate error message
is emitted.

We can't use existing max_allowed_packet parameter for this purpose
since its value is limited by 1GB and therefore using it as a limit
for data set through mysql_send_long_data() API would have been an
incompatible change. Newly introduced max_long_data_size parameter
gets value from max_allowed_packet parameter unless its value is
specified explicitly. This new parameter is marked as deprecated
and will be eventually replaced by max_allowed_packet parameter.
Value of max_long_data_size parameter can be set only at server
startup.


mysql-test/t/variables.test:
  Added checking for new start-up parameter max_long_data_size.
sql/item.cc:
  Added call to my_message() when accumulated string exceeds
  max_long_data_size value. my_message() calls error handler
  that was installed in mysql_stmt_get_longdata before call
  to Item_param::set_longdata.

  The error handler then sets state, last_error and last_errno
  fields for current statement to values which correspond to
  error which was caught.
sql/mysql_priv.h:
  Added max_long_data_size variable declaration.
sql/mysqld.cc:
  Added support for start-up parameter 'max_long_data_size'.
  This parameter limits size of data which can be sent from
  client to server using mysql_send_long_data() API.
sql/set_var.cc:
  Added variable 'max_long_data_size' into list of variables
  displayed by command 'show variables'.
sql/sql_prepare.cc:
  Added error handler class Set_longdata_error_handler.
  This handler is used to catch any errors that can be
  generated during execution of Item_param::set_longdata().

  Source code snippet that makes checking for statement's state
  during statement execution is moved from Prepared_statement::execute()
  to Prepared_statement::execute_loop() in order not to call
  set_parameters() when statement has failed during
  set_long_data() execution. If this hadn't been done
  the call to set_parameters() would have failed.
tests/mysql_client_test.c:
  A testcase for the bug #56976 was added.
---
 sql/mysql_priv.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'sql/mysql_priv.h')

diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h
index 67631b265ab..8f9a9080d12 100644
--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@@ -1965,6 +1965,7 @@ extern my_bool relay_log_purge, opt_innodb_safe_binlog, opt_innodb;
 extern uint test_flags,select_errors,ha_open_options;
 extern uint protocol_version, mysqld_port, dropping_tables;
 extern uint delay_key_write_options;
+extern ulong max_long_data_size;
 #endif /* MYSQL_SERVER */
 #if defined MYSQL_SERVER || defined INNODB_COMPATIBILITY_HOOKS
 extern MYSQL_PLUGIN_IMPORT uint lower_case_table_names;
-- 
cgit v1.2.1


From d486d166091397ff7ac84928ab314fdbd9c3541c Mon Sep 17 00:00:00 2001
From: Michael Widenius <monty@askmonty.org>
Date: Wed, 4 May 2011 21:28:02 +0300
Subject: Fixed build errors on centos5-amd64-minimal, where we compile with
 very few character sets Fixed compiler warnings

client/readline.cc:
  Fixed compiler warning
mysql-test/t/mysqldump.test:
  Only run test if utf8 is used
sql/log.cc:
  Fixed compiler warning
sql/mysql_priv.h:
  Fixed compiler warnings
tests/mysql_client_test.c:
  Don't abort test if ucs2 is not in use.
---
 sql/mysql_priv.h | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'sql/mysql_priv.h')

diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h
index 0a62c17e2fc..24c8ba0b257 100644
--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@@ -909,14 +909,14 @@ struct Query_cache_query_flags
   (((L)->sql_command == SQLCOM_SELECT) && (L)->safe_to_cache_query)
 #else
 #define QUERY_CACHE_FLAGS_SIZE 0
-#define query_cache_store_query(A, B)
-#define query_cache_destroy()
-#define query_cache_result_size_limit(A)
-#define query_cache_init()
-#define query_cache_resize(A)
-#define query_cache_set_min_res_unit(A)
-#define query_cache_invalidate3(A, B, C)
-#define query_cache_invalidate1(A)
+#define query_cache_store_query(A, B)     do { } while(0)
+#define query_cache_destroy()             do { } while(0)
+#define query_cache_result_size_limit(A)  do { } while(0)
+#define query_cache_init()                do { } while(0)
+#define query_cache_resize(A)             do { } while(0)
+#define query_cache_set_min_res_unit(A)   do { } while(0)
+#define query_cache_invalidate3(A, B, C)  do { } while(0)
+#define query_cache_invalidate1(A)        do { } while(0)
 #define query_cache_send_result_to_client(A, B, C) 0
 #define query_cache_invalidate_by_MyISAM_filename_ref NULL
 
-- 
cgit v1.2.1