Commit graph

1156 commits

Author SHA1 Message Date
Oleksandr Byelkin
fceda2dab6 Merge remote-tracking branch 'mysql/5.5' into 5.5
We do not accept:
1. We did not have this problem (fixed earlier and better)
 d982e717ab Bug#27510150: MYSQLDUMP FAILS FOR SPECIFIC --WHERE CLAUSES
2. We do not have such options (an DBUG_ASSERT put just in case)
 bbc2e37fe4 Bug#27759871: BACKRONYM ISSUE IS STILL IN MYSQL 5.7
3. Serg fixed it in other way in this release:
 e48d775c6f Bug#27980823: HEAP OVERFLOW VULNERABILITIES IN MYSQL CLIENT LIBRARY
2018-07-29 13:10:29 +02:00
Ivo Roylev
e48d775c6f Bug#27980823: HEAP OVERFLOW VULNERABILITIES IN MYSQL CLIENT LIBRARY
(cherry picked from commit b5b986b2cbd9a7848dc3f48e5c42b6d4e1e5fb22)
2018-06-15 18:31:38 +02:00
Vladislav Vaintroub
72b6d01848 MDEV-10246 ssl-* config file options have no effect without mysql_ssl_set()
Partially revert 4ef7497996
that caused regression.

Any ssl- option must imply use_ssl=1, even if mysql_set_ssl() was not
used.
2018-06-05 22:13:19 +01:00
Arun Kuruvila
bbc2e37fe4 Bug#27759871: BACKRONYM ISSUE IS STILL IN MYSQL 5.7
Description:- Client applications establishes connection to
server, which does not support SSL, via TCP even when SSL is
enforced via MYSQL_OPT_SSL_MODE or MYSQL_OPT_SSL_ENFORCE or
MYSQL_OPT_SSL_VERIFY_SERVER_CERT.

Analysis:- There exist no error handling for catching client
applications which enforces SSL connection to connect to a
server which does not support SSL.

Fix:- Error handling is done to catch above mentioned
scenarios.
2018-05-14 11:28:13 +05:30
Sergei Golubchik
1d58d184c2 protocol: verify that number of rows is correct 2018-05-04 14:40:19 +02:00
Sergei Golubchik
fab383aac0 Use after free in authentication 2018-05-01 00:30:17 +02:00
Sergei Golubchik
a52c46e069 Bug#25471090: MYSQL USE AFTER FREE
a better fix
2018-04-30 15:49:19 +02:00
Sergei Golubchik
5cfe52314e Bug#25471090: MYSQL USE AFTER FREE
fix another similar line

followup for 7828ba0df4
2018-04-27 11:32:19 +02:00
Sergei Golubchik
7828ba0df4 Bug#25471090: MYSQL USE AFTER FREE
in a specially crafted invalid packet, one can get end_pos < pos here
2018-04-19 22:49:19 +02:00
Sergei Golubchik
f5369faf5b don't disable SSL when connecting via libmysqld 2018-04-03 16:19:10 +02:00
Arun Kuruvila
e4784703ee Bug#25471090: MYSQL USE AFTER FREE
Description:- Mysql client crashes when trying to connect
to a fake server which is sending incorrect packets.

Analysis:- Mysql client crashes when it tries to read
server version details.

Fix:- A check is added in "red_one_row()".
2018-02-12 15:19:43 +05:30
Shishir Jaiswal
ecc5a07874 Bug#26585560 - MYSQL DAEMON SHOULD CREATE ITS PID FILE AS
ROOT

DESCRIPTION
===========
If the .pid file is created at a world-writable location,
it can be compromised by replacing the server's pid with
another running server's (or some other non-mysql process)
PID causing abnormal behaviour.

ANALYSIS
========
In such a case, user should be warned that .pid file is
being created at a world-writable location.

FIX
===
A new function is_file_or_dir_world_writable() is defined
and it is called in create_pid_file() before .pid file
creation. If the location is world-writable, a relevant
warning is thrown.

NOTE
====
1. PID file is always created with permission bit 0664, so
for outside world its read-only.
2. Ignoring the case when permission is denied to get the
dir stats since the .pid file creation would fail anyway in
such a case.
2017-12-02 15:12:32 +05:30
Sergei Golubchik
d76f5774fe MDEV-13459 Warnings, when compiling with gcc-7.x
mostly caused by -Wimplicit-fallthrough
2017-10-17 07:37:39 +02:00
Sergei Golubchik
c6ee3fe9d4 respect client's desire to force ssl even when WITH_SSL=NO
of course, this combination can never succeed,
we must fail to connect here.
2017-04-20 16:36:23 +02:00
Ramil Kalimullin
2531c8dcd1 BUG#25575605: SETTING --SSL-MODE=REQUIRED SENDS CREDENTIALS BEFORE VERIFYING SSL CONNECTION
MYSQL_OPT_SSL_MODE option introduced.
It is set in case of --ssl-mode=REQUIRED and permits only SSL connection.
2017-03-10 01:19:50 +04:00
Sergei Golubchik
eef2101489 MDEV-11933 Wrong usage of linked list in mysql_prune_stmt_list
mysql_prune_stmt_list() was walking the list following
element->next pointers, but inside the loop it was invoking
list_add(element) that modified element->next. So, mysql_prune_stmt_list()
failed to visit and reset all elements, and some of them were left
with pointers to invalid MYSQL.
2017-02-27 12:35:10 +01:00
Nisha Gopalakrishnan
7ec26b03a7 2017-02-16 11:50:09 +05:30
Sergei Golubchik
ae29ea2d86 Merge branch 'mysql/5.5' into 5.5 2016-06-14 13:55:28 +02:00
Arun Kuruvila
c7e68606c0 Bug#21920657: SSL-CA FAILS SILENTLY IF THE PATH CANNOT BE
FOUND

Description:- Failure during the validation of CA
certificate path which is provided as an option for 'ssl-ca'
returns two different errors for YaSSL and OPENSSL.

Analysis:- 'ssl-ca', option used for specifying the ssl ca
certificate path. Failing to validate this certificate with
OPENSSL returns an error, "ERROR 2026 (HY000): SSL
connection error: SSL_CTX_set_default_verify_paths failed".
While YASSL returns "ERROR 2026 (HY000): SSL connection
error: ASN: bad other signature confirmation". Error
returned by the OPENSSL is correct since
"SSL_CTX_load_verify_locations()" returns 0 (in case of
OPENSSL) for the failure and sets error as
"SSL_INITERR_BAD_PATHS". In case of YASSL,
"SSL_CTX_load_verify_locations()" returns an error number
which is less than or equal to 0 in case of error. Error
numbers for YASSL is mentioned in the file,
'extra/yassl/include/openssl/ssl.h'(line no : 292). Also
'ssl-ca' does not accept tilde home directory path
substitution.

Fix:- The condition which checks for the error in the
"SSL_CTX_load_verify_locations()" is changed in order to
accommodate YASSL as well. A logic is written in
"mysql_ssl_set()" in order accept the tilde home directory
path substitution for all ssl options.
2016-03-01 10:17:25 +05:30
Sergei Golubchik
f3444df415 Merge branch 'mysql/5.5' into 5.5
reverted about half of commits as either not applicable or
outright wrong
2016-02-09 11:27:40 +01:00
Georg Richter
8cf1f50967 MDEV-9112: Non-blocking client API missing on non-x86 platforms
The check for UCONTEXT in cmake was somehow become broken, disabling the
fallback to ucontext. This caused the non-blocking client API to not be
available for non-x86 platforms, on which no hand-crafted assembler
implementation of my_context is available.
2016-02-01 16:12:00 +01:00
Yashwant Sahu
13380bf81f Bug : CERTIFICATE VALIDATION BUG IN MYSQL MAY ALLOW MITM 2016-01-11 07:09:13 +05:30
Sergei Golubchik
f0d774d484 MDEV-9212 ssl-validate-cert incorrect hostname check
Reimplement ssl_verify_server_cert() using the logic
from https://wiki.openssl.org/index.php/Hostname_validation

The bug was discovered by Alex Gaynor.
2015-12-08 09:46:52 +01:00
Vicențiu Ciorbaru
4ef7497996 MDEV-7937: Enforce SSL when --ssl client option is used
Using --ssl-verify-server-cert and --ssl[-*] implies that
the ssl connection is required. The mysql client will now print an error if ssl
is required, but the server can not handle a ssl connection.
2015-06-09 16:08:14 +03:00
Sergei Golubchik
18215dd9fa MDEV-7859 SSL hostname verification fails for long subject names
Don't use a fixed buffer for X509_NAME_oneline() in the client.
Do as the server does - allocate it dynamically.

For a test - regenerate certificates to have the server cert with
a long subject.
2015-04-27 15:42:12 +02:00
Sergei Golubchik
5dce6aa1fe Merge remote-tracking branch 'bzr/5.5' into bb-5.5-merge 2015-02-12 13:14:55 +01:00
Sergei Golubchik
8e80f91fa3 Merge remote-tracking branch 'mysql/5.5' into bb-5.5-merge @ mysql-5.5.42 2015-02-11 23:50:40 +01:00
Alexey Botchkov
b9d616c243 MDEV-7435 Windows debug: Run-Time Check Failure - The variable 'unused' is being used without being initialized.
Fixed as it's done in 10.0.
2015-02-06 15:49:45 +04:00
Sergei Golubchik
8bc712e481 MDEV-6671 mysql_server_end breaks OpenSSL 2015-01-19 17:31:59 +01:00
Sergey Vojtovich
094640c036 Fixed a couple of compiler warnings. 2014-12-19 23:17:59 +04:00
Arun Kuruvila
a9b61b0029 Bug#17599258:- ERROR 1160 (08S01): GOT AN ERROR WRITING
COMMUNICATION PACKETS; FEDERATED TABLE

Description:- Execution of FLUSH TABLES on a federated
table which has been idle for wait_timeout (on the remote
server) + tcp_keepalive_time, fails with an error,
"ERROR 1160 (08S01): Got an error writing communication
packets."

Analysis:- During FLUSH TABLE execution the federated
table is closed which will inturn close the federated
connection. While closing the connection, federated server
tries to communincate with the remote server. Since the
connection was idle for wait_timeout(on the remote server)+
tcp_keepalive_time, the socket gets closed. So this
communication fails because of broken pipe and the error is
thrown. But federated connections are expected to reconnect
silently. And also it cannot reconnect because the 
"auto_reconnect" variable is set to 0 in "mysql_close()".

Fix:- Before closing the federated connection, in
"ha_federated_close()", a check is added which will verify
wheather the connection is alive or not. If the connection
is not alive, then "mysql->net.error" is set to 2 which
will indicate that the connetion is broken. Also the
setting of "auto_reconnect" variable to 0 is delayed and is
done after "COM_QUIT" command.
      
NOTE:- For reproducing this issue, "tcp_keepalive_time" has
to be set to a smaller value. This value is set in the
"/proc/sys/net/ipv4/tcp_keepalive_time" file in Unix
systems. So we need root permission for changing it, which
can't be done through mtr test. So submitting the patch
without mtr test.
2014-11-10 16:21:59 +05:30
Sergei Golubchik
1ddfce4840 mysql-5.5.40 2014-10-06 19:53:55 +02:00
Georgi Kodinov
229cb8ec88 Bug : MULTIPLE SECURITY ISSUES IN CERTIFICATE VALIDATION
the 5.5 version of the fix.
Added a call to X509_verify_cert_error_string() into the client certificate
verification code.
2014-07-31 12:52:49 +03:00
Georgi Kodinov
10956689cb Bug : MULTIPLE SECURITY ISSUES IN CERTIFICATE VALIDATION
the 5.5 version of the fix.
Added a call to X509_verify_cert_error_string() into the client certificate
verification code.
2014-07-31 12:52:49 +03:00
Alexander Barkov
284479c085 Merge 5.3->5.5 2014-06-04 21:53:15 +04:00
Alexander Barkov
661daf16f1 MDEV-4858 Wrong results for a huge unsigned value inserted into a TIME column
MDEV-6099 Bad results for DATE_ADD(.., INTERVAL 2000000000000000000.0 SECOND)
MDEV-6097 Inconsistent results for CAST(int,decimal,double AS DATETIME)
MDEV-6100 No warning on CAST(9000000 AS TIME)
2014-06-04 20:32:57 +04:00
Sergei Golubchik
5d16592d44 mysql-5.5.38 merge 2014-06-03 09:55:08 +02:00
Igor Solodovnikov
22e9aa1c1a Bug MYSQL_GET_SERVER_VERSION() CALL WITHOUT A VALID CONNECTION RESULTS IN SEG FAULT
When there is no connection mysql_get_server_version() will return 0
and report CR_COMMANDS_OUT_OF_SYNC error.
2014-04-17 16:33:55 +03:00
Igor Solodovnikov
9688cbc250 Bug MYSQL_GET_SERVER_VERSION() CALL WITHOUT A VALID CONNECTION RESULTS IN SEG FAULT
When there is no connection mysql_get_server_version() will return 0
and report CR_COMMANDS_OUT_OF_SYNC error.
2014-04-17 16:33:55 +03:00
Sergei Golubchik
5d0c01608c 5.2 merge 2014-03-16 21:03:01 +01:00
Sergei Golubchik
e772cbd7b7 5.1 merge 2014-03-16 13:59:44 +01:00
Sergei Golubchik
d7304375e5 mysql-5.1.73 merge 2014-03-15 18:24:15 +01:00
Sergei Golubchik
84651126c0 MySQL-5.5.36 merge
(without few incorrect bugfixes and with 1250 files where only a copyright year was changed)
2014-02-17 11:00:51 +01:00
Sergei Golubchik
37d240ecf9 MySQL-5.5.35 merge 2014-01-22 15:29:36 +01:00
Murthy Narkedimilli
c92223e198 Updated/added copyright headers 2014-01-06 10:52:35 +05:30
Murthy Narkedimilli
496abd0814 Updated/added copyright headers 2014-01-06 10:52:35 +05:30
Alexander Barkov
b97b9536c7 MDEV-4857 Wrong result of HOUR('1 00:00:00')
modified:
  mysql-test/r/func_time.result
  mysql-test/t/func_time.test
  sql-common/my_time.c
  sql/item_func.h
  sql/item_timefunc.cc
  sql/mysql_priv.h
  sql/time.cc
2013-12-02 15:09:34 +04:00
Alexander Barkov
5a8bd446ad Merge 5.3->5.5
pending merges:
  Alexander Barkov 2013-12-02 MDEV-4857 Wrong result of HOUR('1 00:00:00')
2013-12-02 15:50:35 +04:00
Igor Solodovnikov
ee15c1fd5f Bug MEMORY LEAK IN MYSQL_OPTIONS WHILE CALLING WITH OPTION MYSQL_SET_CLIENT_IP
Memory Leak in mysql_options() was caused by missing call
to my_free() in MYSQL_SET_CLIENT_IP branch. Fixed by adding
my_free() to cleanup mysql->options.client_ip value before
assigning new value.
2013-08-30 20:22:09 +03:00
Igor Solodovnikov
730fb2881f Bug MEMORY LEAK IN MYSQL_OPTIONS WHILE CALLING WITH OPTION MYSQL_SET_CLIENT_IP
Memory Leak in mysql_options() was caused by missing call
to my_free() in MYSQL_SET_CLIENT_IP branch. Fixed by adding
my_free() to cleanup mysql->options.client_ip value before
assigning new value.
2013-08-30 20:22:09 +03:00