From f4beb9294046ac368cfb66fc3270298a85dbdf4a Mon Sep 17 00:00:00 2001
From: Alexander Barkov <alexander.barkov@oracle.com>
Date: Fri, 18 Feb 2011 12:46:55 +0300
Subject: Bug#11765108 (Bug#58036) client utf32, utf16, ucs2 should be
 disallowed, they crash server

Problem: ucs2 was correctly disallowed in "SET NAMES" only,
while mysql_real_connect() and mysql_change_user() still allowed
to use ucs2, which made server crash.

Fix: disallow ucs2 in mysql_real_connect() and mysql_change_user().

  @ sql/set_var.cc
    Using new function.

  @ sql/sql_acl.cc
    - Return error if character set initialization failed
    - Getting rid of pointer aliasing:
      Initialize user_name to NULL, to avoid double free().

  @ sql/sql_connect.cc
    - in case of unsupported client character set send error and return true
    - in case of success return false

  @ sql/sql_connect.h
    - changing return type for thd_init_client_charset() to bool,
      to return errors to the caller

  @ sql/sql_parse.h
    - introducing a new function, to reuse in all places where we need
    to check client character set.

  @ tests/mysql_client_test.c
    Adding test
---
 sql/sql_connect.cc | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

(limited to 'sql/sql_connect.cc')

diff --git a/sql/sql_connect.cc b/sql/sql_connect.cc
index ad6fe492056..9d7e20c1d6e 100644
--- a/sql/sql_connect.cc
+++ b/sql/sql_connect.cc
@@ -370,8 +370,23 @@ void reset_mqh(LEX_USER *lu, bool get_them= 0)
 }
 
 
-void thd_init_client_charset(THD *thd, uint cs_number)
+/**
+  Set thread character set variables from the given ID
+
+  @param  thd         thread handle
+  @param  cs_number   character set and collation ID
+
+  @retval  0  OK; character_set_client, collation_connection and
+              character_set_results are set to the new value,
+              or to the default global values.
+
+  @retval  1  error, e.g. the given ID is not supported by parser.
+              Corresponding SQL error is sent.
+*/
+
+bool thd_init_client_charset(THD *thd, uint cs_number)
 {
+  CHARSET_INFO *cs;
   /*
    Use server character set and collation if
    - opt_character_set_client_handshake is not set
@@ -380,10 +395,10 @@ void thd_init_client_charset(THD *thd, uint cs_number)
    - client character set doesn't exists in server
   */
   if (!opt_character_set_client_handshake ||
-      !(thd->variables.character_set_client= get_charset(cs_number, MYF(0))) ||
+      !(cs= get_charset(cs_number, MYF(0))) ||
       !my_strcasecmp(&my_charset_latin1,
                      global_system_variables.character_set_client->name,
-                     thd->variables.character_set_client->name))
+                     cs->name))
   {
     thd->variables.character_set_client=
       global_system_variables.character_set_client;
@@ -394,10 +409,18 @@ void thd_init_client_charset(THD *thd, uint cs_number)
   }
   else
   {
+    if (!is_supported_parser_charset(cs))
+    {
+      /* Disallow non-supported parser character sets: UCS2, UTF16, UTF32 */
+      my_error(ER_WRONG_VALUE_FOR_VAR, MYF(0), "character_set_client",
+               cs->csname);
+      return true;
+    }    
     thd->variables.character_set_results=
       thd->variables.collation_connection= 
-      thd->variables.character_set_client;
+      thd->variables.character_set_client= cs;
   }
+  return false;
 }
 
 
-- 
cgit v1.2.1