1. 12 Oct, 2006 1 commit
  2. 11 Oct, 2006 9 commits
  3. 09 Oct, 2006 2 commits
    • Merge bk-internal.mysql.com:/home/bk/mysql-4.1-maint · 57efa768
      unknown authored
      into  zippy.cornsilk.net:/home/cmiller/work/mysql/bug17583/my41-bug17583
      
      
      client/mysql.cc:
        Auto merged
      57efa768
    • Bug#17583: mysql drops connection when stdout is not writable · 76b353d3
      unknown authored
      When the client program had its stdout file descriptor closed by the calling
      shell, after some amount of work (enough to fill a socket buffer) the server 
      would complain about a packet error and then disconnect the client.
      
      This is a serious security problem.  If stdout is closed before the mysql is
      exec()d, then the first socket() call allocates file number 1 to communicate
      with the server.  Subsequent write()s to that file number (as when printing
      results that come back from the database) go back to the server instead in 
      the command channel.  So, one should be able to craft data which, upon being
      selected back from the server to the client, and injected into the command
      stream become valid MySQL protocol to do something nasty when sent /back/ to 
      the server.
      
      The solution is to close explicitly the file descriptor that we *printf() to, 
      so that the libc layer and the OS layer both agree that the file is closed.
      
      
      BitKeeper/etc/collapsed:
        BitKeeper file /home/cmiller/work/mysql/bug17583/my41-bug17583/BitKeeper/etc/collapsed
      client/mysql.cc:
        If standard output is not open (specifically, if dup() of its file number 
        fails) then we explicitly close it so that future uses of the file descriptor
        behave correctly for a closed file.
      mysql-test/r/mysql_client.result:
        Prove that the problem of writing SQL output to the command socket no longer
        exists.
      mysql-test/t/mysql_client.test:
        Prove that the problem of writing SQL output to the command socket no longer
        exists.
      76b353d3
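
The descriptor reuse described in the Bug#17583 message, shown as an added C example that is not part of the commit or of MySQL's code: with stdout closed, the next `socket()` is handed number 1. The guard pins `/dev/null` onto closed standard descriptors, a different technique from the commit's explicit close of stdout; `pin_std_fds` and `socket_fd_after_closed_stdout` are hypothetical names.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical guard: open /dev/null on any of descriptors 0-2 that is
   closed, so a later socket() can never be given a standard number. */
static void pin_std_fds(void) {
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) == -1 && errno == EBADF) {
            int nfd = open("/dev/null", O_RDWR);
            if (nfd != -1 && nfd != fd) {   /* landed elsewhere: move it */
                dup2(nfd, fd);
                close(nfd);
            }
        }
    }
}

/* In a child: start with 0-2 open, close stdout as a shell's ">&-" would,
   optionally run the guard, then report which number socket() returns. */
static int socket_fd_after_closed_stdout(int use_guard) {
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        pin_std_fds();                      /* known starting state */
        close(STDOUT_FILENO);
        if (use_guard) pin_std_fds();
        int s = socket(AF_UNIX, SOCK_STREAM, 0);
        _exit(s < 0 ? 255 : s);             /* fd number as exit status */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    /* Unguarded: the socket takes number 1, where printf() output goes. */
    printf("socket fd, no guard:   %d\n", socket_fd_after_closed_stdout(0));
    /* Guarded: number 1 is held by /dev/null, so the socket is 3 or above. */
    printf("socket fd, with guard: %d\n", socket_fd_after_closed_stdout(1));
    return 0;
}
```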
  4. 04 Oct, 2006 2 commits
    • Merge rolltop.ignatz42.dyndns.org:/mnt/storeage/bug19660/my41-bug19660 · ed13b0ee
      unknown authored
      into  rolltop.ignatz42.dyndns.org:/mnt/storeage/mysql-4.1-maint
      
      
      client/mysqldump.c:
        Auto merged
      ed13b0ee
    • Fixes a number of problems with time/datetime <-> string conversion functions: · 634d3ff2
      unknown authored
      - bug #11655 "Wrong time is returning from nested selects - maximum time exists"
      - input and output TIME values were not validated properly in several conversion functions
      - bug #20927 "sec_to_time treats big unsigned as signed"
      - integer overflows were not checked in several functions. As a result, input values like 2^32 or 3600*2^32 were treated as 0
      - BIGINT UNSIGNED values were treated as SIGNED in several functions
      - in cases where both input string truncation and out-of-range TIME value occur, only 'truncated incorrect time value' warning was produced
      
      
      include/my_time.h:
        Added defines for the TIME limits
        Added defines for the warning flags set by str_to_time() and check_time_range()
        Added check_time_range() declaration
      mysql-test/r/func_sapdb.result:
        Fixed testcases which relied on incorrect TIMEDIFF() behaviour
      mysql-test/r/func_time.result:
        Fixed testcase which relied on incorrect behaviour
        Added testcases for out-of-range values in SEC_TO_TIME(), TIME_TO_SEC(), ADDTIME(), SUBTIME() and EXTRACT()
      mysql-test/t/func_time.test:
        Added testcases for out-of-range values in SEC_TO_TIME(), TIME_TO_SEC(), ADDTIME(), SUBTIME() and EXTRACT()
      sql-common/my_time.c:
        Added check_time_range() to be used from str_to_time() and item_timefunc.cc
        Added new out-of-range flag to str_to_time() warnings
        Use '%u' instead of '%d' in my_*_to_str() because the arguments are unsigned
      sql/field.cc:
        Replaced out-of-range checks with checks for flags returned by str_to_time()
      sql/item_timefunc.cc:
        Added wrappers over make_datetime() and make_time() which perform out-of-range checks on input values
        Moved common code in Item_func_sec_to_time::val_str() and Item_func_sec_to_time::val_int() into a separate function sec_to_time()
        Replaced calls to make_datetime() with make_datetime_with_warn() in Item_func_add_time and Item_func_timediff
        Checks for 'unsigned int' overflows in Item_func_maketime
        Use make_time_with_warn() instead of make_time() in Item_func_maketime
        Fixed incorrect sizeof() in Item_func_str_to_date::get_time()
      sql/time.cc:
        Check for return value of str_to_time() along with warning flags
      634d3ff2
  5. 03 Oct, 2006 8 commits
  6. 02 Oct, 2006 13 commits
  7. 30 Sep, 2006 3 commits
  8. 29 Sep, 2006 2 commits