Commit 4e378bc5 authored by Davi Arnaut's avatar Davi Arnaut

Manual merge.

parents 7ecad98c 54705ab1
......@@ -277,6 +277,16 @@ typedef struct st_net {
/** Client library sqlstate buffer. Set along with the error message. */
char sqlstate[SQLSTATE_LENGTH+1];
void *extension;
#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)
/*
Controls whether a big packet should be skipped.
Initially set to FALSE by default. Unauthenticated sessions must have
this set to FALSE so that the server can't be tricked to read packets
indefinitely.
*/
my_bool skip_big_packet;
#endif
} NET;
......
......@@ -136,6 +136,9 @@ my_bool my_net_init(NET *net, Vio* vio)
#else
net->query_cache_query= 0;
#endif
#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)
net->skip_big_packet= FALSE;
#endif
if (vio != 0) /* If real connection */
{
......@@ -949,6 +952,7 @@ my_real_read(NET *net, size_t *complen)
{
#if defined(MYSQL_SERVER) && !defined(NO_ALARM)
if (!net->compress &&
net->skip_big_packet &&
!my_net_skip_rest(net, (uint32) len, &alarmed, &alarm_buff))
net->error= 3; /* Successfully skiped packet */
#endif
......
......@@ -471,6 +471,13 @@ check_user(THD *thd, enum enum_server_command command,
}
my_ok(thd);
thd->password= test(passwd_len); // remember for error messages
/*
Allow the network layer to skip big packets. Although a malicious
authenticated session might use this to trick the server to read
big packets indefinitely, this is a previously established behavior
that needs to be preserved as to not break backwards compatibility.
*/
thd->net.skip_big_packet= TRUE;
/* Ready to handle queries */
DBUG_RETURN(0);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment