Commit dcd9f246 authored by Tor Didriksen's avatar Tor Didriksen

Bug #59632 Assertion failed: arg_length > length

The problem was overflow in max_length when we tried to des_decrypt()
something which is not the output of des_encrypt()


mysql-test/r/ssl_and_innodb.result:
  New test case.
mysql-test/t/ssl_and_innodb.test:
  New test case.
sql/item_strfunc.h:
  Do not subtract the encrypt overhead (9U) if args[0] has length < 9
  (In unsigned arithmetic, (1-9) becomes a very large number)
parent cee1b3dd
CREATE TABLE t1(a int) engine=innodb;
INSERT INTO t1 VALUES (1);
SELECT DISTINCT
convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d
FROM t1 ;
d
2
DROP TABLE t1;
-- source include/have_innodb.inc
-- source include/have_ssl_crypto_functs.inc
CREATE TABLE t1(a int) engine=innodb;
INSERT INTO t1 VALUES (1);
SELECT DISTINCT
convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d
FROM t1 ;
DROP TABLE t1;
#ifndef ITEM_STRFUNC_INCLUDED
#define ITEM_STRFUNC_INCLUDED
/* Copyright (C) 2000-2003 MySQL AB
/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -361,7 +361,9 @@ class Item_func_des_decrypt :public Item_str_func
{
maybe_null=1;
/* 9 = MAX ((8- (arg_len % 8)) + 1) */
max_length = args[0]->max_length - 9;
max_length= args[0]->max_length;
if (max_length >= 9U)
max_length-= 9U;
}
const char *func_name() const { return "des_decrypt"; }
};
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment