  1. 30 Aug, 2006 1 commit
    • Bug#21813 An attacker has the opportunity to bypass query logging, part2 · d4075f66
      unknown authored
       - Use the "%.*b" format when printing prepared and executed prepared statements to the log.
       - Add test case to check that also prepared statements end up in the query log
      Bug#14346 Prepared statements corrupting general log/server memory
       - Use "stmt->query" when logging the newly prepared query instead of "packet"
      
      
      sql/sql_prepare.cc:
        mysql_stmt_prepare
         - Use "%.*b" format when printing to log
         - Print the query from stmt instead of "packet", packet points at the net in/out buffer and has most likely been overwritten
           when result for prepare was written to client.
        mysql_stmt_execute 
         - Use "%.*b" format when printing to log
         - Print the query from thd as the expanded query has been specifically set to be valid also after restore from backup statement
      tests/mysql_client_test.c:
        Add tests for bug#21813 to already existing test for bug#17667. Add functionality for also executing prepared statements and making sure they end up in the log as well.
      d4075f66
  2. 22 Aug, 2006 2 commits
  3. 21 Aug, 2006 1 commit
  4. 14 Aug, 2006 1 commit
  5. 10 Aug, 2006 1 commit
  6. 07 Aug, 2006 5 commits
  7. 06 Aug, 2006 1 commit
  8. 05 Aug, 2006 2 commits
  9. 29 Jul, 2006 1 commit
    • Fix after manual merge. · 1d0f873d
      unknown authored
      tests/mysql_client_test.c:
        Fix after manual merge: add test for bug#21206.
      1d0f873d
  10. 27 Jul, 2006 1 commit
    • BUG#21206: memory corruption when too many cursors are opened at once · 7dbd43b1
      unknown authored
      Too many cursors (more than 1024) could lead to memory corruption.
      This affects both stored routines and C API cursors, and the
      threshold is per-server, not per-connection.  Similarly, the
      corruption could happen when the server was under heavy load
      (executing more than 1024 simultaneous complex queries), and this is
      the reason why this bug is fixed in 4.1, which doesn't support
      cursors.
      
      The corruption was caused by a bug in the temporary tables code, when
      an attempt to create a table could lead to a write beyond allocated
      space.  Note, that only internal tables were affected (the tables
      created internally by the server to resolve the query), not tables
      created with CREATE TEMPORARY TABLE.  Another pre-condition for the
      bug is TRUE value of --temp-pool startup option, which, however, is a
      default.
      
      The cause of the bug was that random memory was overwritten in
      bitmap_set_next() due to out-of-bound memory access.
      
      
      mysys/my_bitmap.c:
        Local 'bitmap_size' is measured in bytes, no need to multiply it by 8.
      sql/sql_select.cc:
        Clear the temp_pool_slot bit only if we have set it previously.
      tests/mysql_client_test.c:
        Add test case for bug#21206: memory corruption when too many cursors
        are opened at once.
      7dbd43b1
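
The unit mix-up described in the BUG#21206 commit above, as an added example: a simplified model written for this page, not MySQL's `bitmap_set_next()`. The byte-wise scan loop and every name here are assumptions; the 1024-slot pool sits at the start of a larger array so that the overrun lands in defined "neighbouring" memory.

```c
#include <stdio.h>
#include <string.h>

#define POOL_BYTES  128           /* 1024 slots, one bit each */
#define ARENA_BYTES 1024          /* pool plus 896 bytes of neighbouring data */
#define NO_BIT      ((unsigned)-1)

/* Scan scan_bytes bytes for the first clear bit, set it, return its index. */
unsigned set_next(unsigned char *map, unsigned scan_bytes)
{
    for (unsigned i = 0; i < scan_bytes; i++) {
        if (map[i] == 0xff)
            continue;                       /* all 8 slots of this byte taken */
        for (unsigned b = 0; b < 8; b++) {
            if (!(map[i] & (1u << b))) {
                map[i] |= (unsigned char)(1u << b);
                return i * 8 + b;
            }
        }
    }
    return NO_BIT;
}

/* Occupy every slot, ask for one more, return the first byte past the pool. */
unsigned char neighbour_after_request(int buggy, unsigned *slot_out)
{
    unsigned char arena[ARENA_BYTES];
    memset(arena, 0, sizeof arena);
    memset(arena, 0xff, POOL_BYTES);        /* all 1024 slots in use */
    /* Buggy limit: a size in bytes multiplied by 8, then used as a byte count. */
    unsigned limit = buggy ? POOL_BYTES * 8 : POOL_BYTES;
    *slot_out = set_next(arena, limit);
    return arena[POOL_BYTES];
}

int main(void)
{
    unsigned slot;
    unsigned char nb = neighbour_after_request(1, &slot);
    printf("bytes*8 limit: slot=%u neighbour=0x%02x\n", slot, (unsigned)nb);
    nb = neighbour_after_request(0, &slot);
    printf("bytes limit:   slot=%u neighbour=0x%02x\n", slot, (unsigned)nb);
    return 0;
}
```

With the inflated limit the scan only leaves the pool once all 1024 slots are taken, which matches the threshold the commit message gives.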
  11. 24 Jul, 2006 1 commit
    • A fix and a test case for Bug#15752 "Lost connection to MySQL server · 36510232
      unknown authored
      when calling a SP from C API"
      
      The bug was caused by lack of checks for misuse in mysql_real_query. 
      A stored procedure always returns at least one result, which is the 
      status of execution of the procedure itself.
      This result, or so-called OK packet, is similar to a result
      returned by INSERT/UPDATE/CREATE operations: it contains the overall
      status of execution, the number of affected rows and the number of
      warnings. The client test program attached to the bug did not read this 
      result and invoked the next query. In turn, libmysql had no check for 
      such scenario and mysql_real_query was simply trying to send that query 
      without reading the pending response, thus messing up the communication
      protocol.
      
      The fix is to return an error from mysql_real_query when it's called
      prior to retrieval of all pending results.
      
      
      client/mysqlbinlog.cc:
        net_safe_read -> cli_safe_read
      include/mysql.h:
        Remove a private function from the public header.
      include/mysql_com.h:
        Remove a define that is never used.
      include/sql_common.h:
        Add a declaration for cli_safe_read - a function that reads one packet
        from the server.
      libmysql/libmysql.c:
        net_safe_read -> cli_safe_read
        Return CR_COMMANDS_OUT_OF_SYNC on attempt to execute a statement
        using a connection which has pending result sets.
      sql-common/client.c:
        Actual fix for Bug#15752: if the server has pending result sets for
        the client, return CR_COMMANDS_OUT_OF_SYNC on attempt to execute
        another query. Similarly to the behaviour of mysql_use_result(),
        multiple result sets block the connection and must be fetched
        before it can be used for another query.
        This uncovered an error in the protocol: the server doesn't drop
        SERVER_MORE_RESULTS_EXISTS status flag upon an error, so in case of
        a multi-query like SELECT 1; SELECT syntax_error; SELECT 2; 
        the client has no way to know that the server won't ever come to 
        execution of the third query and won't return any result sets for it.
        For now, fix it in cli_safe_read, as a proper fix requires extension
        of the client-server protocol.
      sql/protocol.cc:
        Remove a name that is never used.
      sql/slave.cc:
        net_safe_read -> cli_safe_read
      tests/mysql_client_test.c:
        Make 'query' a local variable to avoid name clash.
        Add a test case for Bug#15752 "Lost connection to MySQL server when
        calling an SP from C API"
      36510232
  12. 18 Jul, 2006 1 commit
  13. 10 Jul, 2006 1 commit
    • A patch to Bug#17667 didn't take into consideration that the vardir, which contains · 019e221c
      unknown authored
      the server's binlog file, might be set to a different directory.  This adds a new
      "vardir" parameter, which takes the name of the directory as a value, so that the 
      test_bug17667() test can find the binlog.  
      
      
      mysql-test/mysql-test-run.pl:
        Add the "vardir" to the options passed to "mysql_test_client", so we know 
        where to find the binlog file.
      tests/mysql_client_test.c:
        Receive a new option, "vardir".
        
        Use the vardir option to find the binlog file in test_bug17667() .
      019e221c
  14. 30 Jun, 2006 1 commit
    • bug #20152: mysql_stmt_execute() overwrites parameter buffers · 86155590
      unknown authored
      When using a parameter bind MYSQL_TYPE_DATE in a prepared statement,
      the time part of the MYSQL_TIME buffer was written to zero in
      mysql_stmt_execute(). The param_store_date() function in libmysql.c
      worked directly on the provided buffer.
      Changed to use a copy of the buffer.
      
      
      libmysql/libmysql.c:
        fix for bug #20152
      tests/mysql_client_test.c:
        added test for bug#20152
      86155590
  15. 29 Jun, 2006 1 commit
    • Bug#19671 mysql_list_fields returns incorrect table name for VIEWs · a7f9f7ae
      unknown authored
      After view opening, the real view db name and table name are placed
      into table_list->view_db & table_list->view_name.
      Item_field class does not handle these names properly during 
      initialization of Send_field.
      The fix is to use new class 'Item_ident_for_show' 
      which sets correct view db name and table name for Send_field.
      
      
      sql/item.cc:
        Bug#19671 mysql_list_fields returns incorrect table name for VIEWs
        new Item_ident_for_show class which correctly sets view db and table names
        for Send_field.
      sql/item.h:
        Bug#19671 mysql_list_fields returns incorrect table name for VIEWs
        new Item_ident_for_show class which correctly sets view db and table names
        for Send_field.
      sql/sql_show.cc:
        Bug#19671 mysql_list_fields returns incorrect table name for VIEWs
        new Item_ident_for_show is used for views
      tests/mysql_client_test.c:
        Bug#19671 mysql_list_fields returns incorrect table name for VIEWs
        test case
      a7f9f7ae
  16. 02 Jun, 2006 1 commit
  17. 23 May, 2006 2 commits
    • don't let bugfix for bug#8303 break the bugfix for bug#8378 · 6a60acce
      unknown authored
      revert the fix for bug#8303
      correct the test for bug#8378
      
      
      mysql-test/r/ctype_sjis.result:
        updated
      mysql-test/t/ctype_sjis.test:
        updated
      sql/sql_lex.cc:
        revert the fix for bug#8303
      tests/mysql_client_test.c:
        correct the test for bug#8378
      6a60acce
    • don't let bugfix for bug#8303 break the bugfix for bug#8378 · 17c4ddeb
      unknown authored
      revert the fix for bug#8303
      correct the test for bug#8378
      
      
      mysql-test/r/ctype_sjis.result:
        updated
      mysql-test/t/ctype_sjis.test:
        updated
      sql/sql_lex.cc:
        revert the fix for bug#8303
      tests/mysql_client_test.c:
        correct the test for bug#8378
      17c4ddeb
  18. 02 May, 2006 2 commits
    • Fix a bunch of non-Linux compile failures. · 33417297
      unknown authored
      VC++Files/mysql.sln:
        mysql_client_test depends on mysys.
      VC++Files/mysys/mysys.vcproj:
        Add new file missing in previous push.
      mysys/my_memmem.c:
        Fix illegal pointer arithmetics on void *.
      tests/Makefile.am:
        -L must go before -l
      tests/mysql_client_test.c:
        No declarations after statement in C code.
      33417297
    • SECURITY FIX · 3010890e
      unknown authored
      Bug#17667: An attacker has the opportunity to bypass query logging.
      
      This adds a new, local-only printf format specifier to our *printf functions
      that allows us to print known-size buffers that must not be interpreted as 
      NUL-terminated "strings."
      
      It uses this format-specifier to print to the log, thus fixing this 
      problem.
      
      
      include/my_sys.h:
        Add prototype for my_memmem() .
      mysys/Makefile.am:
        Add reference to new file, my_memmem.c
      mysys/mf_iocache2.c:
        Add a "%.1234b" and "%.*b" percent-code.  It takes a width, just like "%s", 
        but unlike the string-indicator, it requires the width and doesn't stop printing
        at NUL characters.
        
        Also, simplify the code a bit.
        
        TODO:  This code should be unified with the strings/my_vsnprintf.c code in 
        the future.
      sql/sql_parse.cc:
        The query is not a C-string, but is a sized buffer, containing any character 
        at all, which may include NUL characters.
      strings/my_vsnprintf.c:
        Add a "%.1234b" and "%.*b" percent-code.  It takes a width, just like "%s", 
        but unlike the string-indicator, it requires the width and doesn't stop printing
        at NUL characters.
      tests/Makefile.am:
        We may need some of our local functions.
      tests/mysql_client_test.c:
        Add a "%.1234b" and "%.*b" percent-code.  It takes a width, just like "%s", 
        but unlike the string-indicator, it requires the width and doesn't stop printing
        at NUL characters.
      mysql-test/t/mysql_client_test.opt:
        New BitKeeper file ``mysql-test/t/mysql_client_test.opt''
        
        Add '--log' server parameter.
      mysys/my_memmem.c:
        New BitKeeper file ``mysys/my_memmem.c''
        
        Implement memmem, a black-box work-alike of the GNU memmem(), which functions
        like strstr() but for arbitrary blocks of memory.
      3010890e
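
Why the Bug#17667 and Bug#21813 commits above switch the log call to a length-aware format, as an added example: this is illustration code written for this page, not MySQL's `my_vsnprintf()` or its `"%.*b"` implementation. The sample query is constructed, and `find_bytes()` is a hypothetical stand-in for the memmem()-style search the commit adds for its test.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 20-byte query buffer with a NUL inside a literal. */
const char SAMPLE_QUERY[] = "SELECT 'a\0b' FROM t1";
#define SAMPLE_LEN (sizeof(SAMPLE_QUERY) - 1)

/* Byte-wise search that, unlike strstr(), works on buffers containing NUL. */
const char *find_bytes(const char *hay, size_t hay_len, const char *needle, size_t n_len)
{
    if (n_len == 0) return hay;
    for (size_t i = 0; i + n_len <= hay_len; i++)
        if (memcmp(hay + i, needle, n_len) == 0) return hay + i;
    return NULL;
}

/* "%s" logging: the record stops at the first NUL byte in the query. */
size_t log_as_cstring(char *out, size_t out_sz, const char *query)
{
    int n = snprintf(out, out_sz, "Query\t%s", query);
    if (n < 0 || out_sz == 0) return 0;
    return (size_t)n < out_sz ? (size_t)n : out_sz - 1;
}

/* Length-aware logging: copies exactly query_len bytes, NUL bytes included. */
size_t log_as_sized(char *out, size_t out_sz, const char *query, size_t query_len)
{
    static const char prefix[] = "Query\t";
    size_t pos = sizeof(prefix) - 1;
    if (out_sz < pos) return 0;
    memcpy(out, prefix, pos);
    size_t copy = query_len < out_sz - pos ? query_len : out_sz - pos;
    memcpy(out + pos, query, copy);
    return pos + copy;
}

/* Returns 1 if the complete query bytes are present in the log record. */
int full_query_logged(int use_sized)
{
    char rec[128];
    size_t n = use_sized ? log_as_sized(rec, sizeof rec, SAMPLE_QUERY, SAMPLE_LEN)
                         : log_as_cstring(rec, sizeof rec, SAMPLE_QUERY);
    return find_bytes(rec, n, SAMPLE_QUERY, SAMPLE_LEN) != NULL;
}

int main(void)
{
    printf("%%s logging keeps full query:   %d\n", full_query_logged(0));
    printf("sized logging keeps full query: %d\n", full_query_logged(1));
    return 0;
}
```

The same comparison works as a regression check on any log writer that receives the query as a pointer plus a length.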
  19. 30 Mar, 2006 2 commits
  20. 04 Mar, 2006 2 commits
    • Revert the changeset for Bug#16144 "mysql_stmt_attr_get type error": · 4391f938
      unknown authored
      it breaks binary compatibility. The patch will be left intact
      in 5.1.
      
      
      libmysql/libmysql.c:
        Revert the changeset for Bug#16144: it breaks binary compatibility.
      tests/mysql_client_test.c:
        Revert the changeset for Bug#16144: it breaks binary compatibility.
      4391f938
    • Undo the patch for Bug#16144 "mysql_stmt_attr_get type error", · fb71f423
      unknown authored
      it breaks binary compatibility. The patch will be left intact
      in 5.1. Warning: this changeset should be null-merged into 5.1.
      A separate commit in order to push into the release clone of 
      5.0.19.
      
      
      libmysql/libmysql.c:
        Undo the patch for Bug#16144
      tests/mysql_client_test.c:
        Undo the patch for Bug#16144
      fb71f423
  21. 28 Feb, 2006 1 commit
    • Fixed bug#14169: type of group_concat() result changed to blob if tmp_table was · ddbf62ca
      unknown authored
      used
      
      In simple queries the result of the GROUP_CONCAT() function was always of 
      varchar type.
      But if the length of the GROUP_CONCAT() result is greater than 512 chars and a temporary
      table is used during select then the result is converted to blob, due to
      the policy not to store fields longer than 512 chars in tmp table as varchar
      fields.
      
      In order to provide consistent behaviour, result of GROUP_CONCAT() now
      will always be converted to blob if it is longer than 512 chars.
      Item_func_group_concat::field_type() is modified accordingly.
      
      
      sql/item_sum.h:
        Fixed bug#14169: type of group_concat() result changed to blob if tmp_table was 
        used
        The Item_func_group_concat::field_type() now returns FIELD_TYPE_BLOB if the result is longer than 512 chars.
      tests/mysql_client_test.c:
        Added test case for bug#14169: type of group_concat() result changed to blob if tmp_table was used
      ddbf62ca
  22. 25 Feb, 2006 1 commit
  23. 15 Feb, 2006 1 commit
  24. 10 Feb, 2006 2 commits
    • Bug#14013 mysql_stmt_store_result() bombs if a cursor is open · 101e618f
      unknown authored
       - Add code to 'mysql_stmt_store_result' to allow it to be called on 
         a prepared statement with open server side cursor.
       - Add tests to mysql_client_test that use 'mysql_stmt_store_result'
      
      
      client/mysqltest.c:
        Enable cursor protocol (remove the ifdef BUG14013_FIXED)
        When running in cursor mode, the warnings from execute need 
        to be extracted after mysql_stmt_execute, put them in a dynamic string 
        for later use.
        Untabify some tabs.
      libmysql/libmysql.c:
        Allow 'mysql_stmt_store_result' to be called on a statement with an open server side cursor.
        Detect that a server side cursor is open and send a "fetch" to ask for all rows to be sent to the client.
        Read all binary rows as normal store.
        Check that server said last row was sent after all binary rows have been sent.
      tests/mysql_client_test.c:
        Update 'fetch_n' function to take parameter indicating if 'mysql_stmt_store_result' should be used on the statement.
        Call fetch_n with parameter set to use 'mysql_stmt_store_result'
      101e618f
    • fix test of bug 12744 on OSX · 2a098077
      unknown authored
      2a098077
  25. 02 Feb, 2006 1 commit
  26. 01 Feb, 2006 1 commit
    • fix for bug #12744 (MYSQL_STMT operations cause seg fault after connection reset) · 1e686ae7
      unknown authored
      libmysql/libmysql.c:
        stmt->mysql could be 0x0 if the connection has failed between prepare and execute
        or any other operation. thus if the user decides to use mysql_stmt_reset()
        we should not segfault.
      tests/mysql_client_test.c:
        test for bug #12744 (MYSQL_STMT operations cause seg fault after connection reset)
      1e686ae7
  27. 26 Jan, 2006 1 commit
    • Bug #15719 MYSQL_OPT_RECONNECT option is modified by mysql_real_connect · f220f892
      unknown authored
       - Move init of "reconnect" variable to mysql_init 
       - Add test case to mysql_client_test.
      
      
      sql-common/client.c:
        Move initialisation of reconnect variable to mysql_init instead of doing it in mysql_real_connect.
      tests/mysql_client_test.c:
        Add test to check that reconnect is not modified by a call to mysql_real_connect
      f220f892
  28. 18 Jan, 2006 1 commit
  29. 17 Jan, 2006 1 commit