    Fixed Bug#11764168 "56976: SEVERE DENIAL OF SERVICE IN PREPARED STATEMENTS". · 6c2f5e30
    Dmitry Shulga authored
    The problem was that the server didn't check the resulting size of a prepared
    statement argument which was set using the mysql_send_long_data() API.
    By calling mysql_send_long_data() several times it was possible
    to create an overly big string and thus force the server to allocate
    memory for it. There was no way to limit this allocation.

    The solution is to add a check of the size of the result string against
    the value of the max_long_data_size start-up parameter. When the intermediate
    string exceeds the max_long_data_size value an appropriate error message
    is emitted.

    We can't use the existing max_allowed_packet parameter for this purpose
    since its value is limited by 1GB and therefore using it as a limit
    for data set through the mysql_send_long_data() API would have been an
    incompatible change. The newly introduced max_long_data_size parameter
    gets its value from the max_allowed_packet parameter unless its value is
    specified explicitly. This new parameter is marked as deprecated
    and will eventually be replaced by the max_allowed_packet parameter.
    The value of the max_long_data_size parameter can be set only at server
    startup.
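The kind of check the commit message describes, as an added example that is not code from this commit or from the MySQL source: a per-parameter buffer that grows one chunk at a time and refuses any chunk that would push the accumulated size past a configured limit. The names `long_data_param`, `append_long_data` and `feed_chunks` are hypothetical, and `max_size` stands in for max_long_data_size.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-parameter accumulator for chunks sent one call at a time. */
struct long_data_param { char *buf; size_t len; };

enum append_status { APPEND_OK, APPEND_TOO_BIG, APPEND_OOM };

/* Append one chunk; refuse it if the accumulated size would exceed max_size
 * (max_size stands in for the server's max_long_data_size). */
enum append_status append_long_data(struct long_data_param *p, const char *chunk,
                                    size_t chunk_len, size_t max_size)
{
    /* Subtract instead of add so p->len + chunk_len cannot wrap around. */
    if (p->len > max_size || chunk_len > max_size - p->len)
        return APPEND_TOO_BIG;
    if (chunk_len == 0)
        return APPEND_OK;
    char *grown = realloc(p->buf, p->len + chunk_len);
    if (grown == NULL)
        return APPEND_OOM;              /* p->buf is untouched and still valid */
    memcpy(grown + p->len, chunk, chunk_len);
    p->buf = grown;
    p->len += chunk_len;
    return APPEND_OK;
}

/* Send n constructed 16-byte chunks; return how many were accepted. */
size_t feed_chunks(struct long_data_param *p, size_t n, size_t max_size)
{
    static const char chunk[16] = "0123456789abcde";   /* constructed sample data */
    size_t accepted = 0;
    while (accepted < n &&
           append_long_data(p, chunk, sizeof chunk, max_size) == APPEND_OK)
        accepted++;
    return accepted;
}

int main(void)
{
    struct long_data_param p = { NULL, 0 };
    size_t ok = feed_chunks(&p, 10, 64);
    printf("accepted %zu of 10 chunks, %zu bytes buffered\n", ok, p.len);
    free(p.buf);
    return 0;
}
```

The limit is enforced on the running total, not on each chunk, so many small chunks are bounded the same way as one large one.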
mysql_priv.h 97.7 KB