• Davi Arnaut's avatar
    Bug#50974: Server keeps receiving big (> max_allowed_packet) packets indefinitely. · 54705ab1
    Davi Arnaut authored
    The server could be tricked to read packets indefinitely if it
    received a packet larger than the maximum size of one packet.
    This problem is aggravated by the fact that it can be triggered
    before authentication.
    
    The solution is to no skip big packets for non-authenticated
    sessions. If a big packet is sent before a session is authen-
    ticated, a error is returned and the connection is closed.
    
    include/mysql_com.h:
      Add skip flag. Only used in server builds.
    sql/net_serv.cc:
      Control whether big packets can be skipped.
    54705ab1
net_serv.cc 31.2 KB