1. 11 Oct, 2006 2 commits
  2. 09 Oct, 2006 3 commits
    • cmiller@zippy.cornsilk.net's avatar
      Bug#17583: mysql drops connection when stdout is not writable · 438ffa81
      cmiller@zippy.cornsilk.net authored
      Porting forward tests to replacement files.
      438ffa81
    • cmiller@zippy.cornsilk.net's avatar
      Merge zippy.cornsilk.net:/home/cmiller/work/mysql/bug17583/my41-bug17583 · 4d0023ed
      cmiller@zippy.cornsilk.net authored
      into  zippy.cornsilk.net:/home/cmiller/work/mysql/bug17583/my50-bug17583
      4d0023ed
    • cmiller@zippy.cornsilk.net's avatar
      Bug#17583: mysql drops connection when stdout is not writable · 4812d81e
      cmiller@zippy.cornsilk.net authored
      When the client program had its stdout file descriptor closed by the calling
      shell, after some amount of work (enough to fill a socket buffer) the server 
      would complain about a packet error and then disconnect the client.
      
      This is a serious security problem.  If stdout is closed before the mysql is
      exec()d, then the first socket() call allocates file number 1 to communicate
      with the server.  Subsequent write()s to that file number (as when printing
      results that come back from the database) go back to the server instead in 
      the command channel.  So, one should be able to craft data which, upon being
      selected back from the server to the client, and injected into the command
      stream become valid MySQL protocol to do something nasty when sent /back/ to 
      the server.
      
      The solution is to close explicitly the file descriptor that we *printf() to, 
      so that the libc layer and the OS layer both agree that the file is closed.
      4812d81e
  3. 03 Oct, 2006 2 commits
  4. 02 Oct, 2006 2 commits
  5. 29 Sep, 2006 4 commits
  6. 28 Sep, 2006 6 commits
  7. 27 Sep, 2006 7 commits
  8. 26 Sep, 2006 1 commit
  9. 25 Sep, 2006 7 commits
  10. 24 Sep, 2006 2 commits
  11. 23 Sep, 2006 4 commits