• unknown authored · 5b5530da
    A fix and a test case for Bug#16365 "Prepared Statements: DoS with
    too many open statements". The patch adds a new global variable
    @@max_prepared_stmt_count. This variable limits the total number
    of prepared statements in the server. The default value of
    @@max_prepared_stmt_count is 16382. 16382 small statements
    (a select against 3 tables with GROUP, ORDER and LIMIT) consume 
    100MB of RAM. Once this limit has been reached, the server will 
    refuse to prepare a new statement and return ER_UNKNOWN_ERROR 
    (unfortunately, we can't add new errors to 4.1 without breaking 5.0). The limit is changeable after startup
    and can accept any value from 0 to 1 million. In case
    the new value of the limit is less than the current
    statement count, no new statements can be added, while the old
    still can be used. Additionally, the current count of prepared 
    statements is now available through a global read-only variable 
    @@prepared_stmt_count.
    
    
    mysql-test/r/ps.result:
      Test results fixed (a test case for Bug#16365)
    mysql-test/t/ps.test:
      A test case for Bug#16365 "Prepared Statements: DoS with too many 
      open statements". Also fix statement leaks in other tests.
    sql/mysql_priv.h:
      Add declarations for new global variables.
    sql/mysqld.cc:
      Add definitions of max_prepared_stmt_count, prepared_stmt_count.
    sql/set_var.cc:
      Implement support for @@prepared_stmt_count and 
      @@max_prepared_stmt_count. Currently these variables are queried
      without acquiring LOCK_prepared_stmt_count due to limitations of
      the set_var/sys_var class design. Updates are, however, protected 
      with a lock.
    sql/set_var.h:
      New declarations to add support for @@max_prepared_stmt_count.
      Implement a new class, where the lock to be used when updating
      a variable is a parameter.
    sql/sql_class.cc:
      Add accounting of the total number of prepared statements in the
      server to the methods of Statement_map.
    sql/sql_class.h:
      Add accounting of the total number of prepared statements in the
      server to the methods of Statement_map.
    sql/sql_prepare.cc:
      Statement_map::insert will now send a message in case of an
      error.
    5b5530da
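
An added example, not code from this commit or from the MySQL source tree: a model of the accounting the commit message describes, with a server-wide count checked against a changeable limit under a lock. The names `GlobalStmtLimit` and `Session` are hypothetical, and rejecting an out-of-range limit instead of adjusting it is an assumption of this model.

```cpp
// Added illustration, not MySQL source: every name here is hypothetical.
#include <map>
#include <mutex>
#include <string>
class GlobalStmtLimit {                       // models the two server-wide variables
  mutable std::mutex lock_;                   // plays the role of LOCK_prepared_stmt_count
  unsigned long max_ = 16382;                 // default from the commit message
  unsigned long count_ = 0;
public:
  bool reserve() {                            // called before a statement is stored
    std::lock_guard<std::mutex> g(lock_);
    if (count_ >= max_) return false;         // at or over the limit: refuse
    ++count_;
    return true;
  }
  void release(unsigned long n) {             // called on close or disconnect
    std::lock_guard<std::mutex> g(lock_);
    count_ -= (n > count_ ? count_ : n);      // never underflow the counter
  }
  bool set_max(unsigned long v) {             // range 0..1000000 per the message;
    if (v > 1000000UL) return false;          // rejecting (not clamping) is this model's choice
    std::lock_guard<std::mutex> g(lock_);
    max_ = v;                                 // lowering never evicts existing statements
    return true;
  }
  unsigned long count() const { std::lock_guard<std::mutex> g(lock_); return count_; }
};
class Session {                               // one connection's statement map
  GlobalStmtLimit &limit_;
  std::map<unsigned long, std::string> stmts_;
  unsigned long next_id_ = 1;
public:
  explicit Session(GlobalStmtLimit &l) : limit_(l) {}
  ~Session() { limit_.release(stmts_.size()); }   // disconnect frees the whole share
  unsigned long prepare(const std::string &sql) { // returns 0 when refused
    if (!limit_.reserve()) return 0;
    stmts_[next_id_] = sql;
    return next_id_++;
  }
  bool execute(unsigned long id) const { return stmts_.count(id) != 0; }
  void close(unsigned long id) { if (stmts_.erase(id)) limit_.release(1); }
};
int main() {                                  // limit 2: a takes both slots, b is refused
  GlobalStmtLimit lim; lim.set_max(2);
  Session a(lim), b(lim);
  a.prepare("SELECT 1"); a.prepare("SELECT 2");
  return b.prepare("SELECT 3") == 0 ? 0 : 1;
}
```

Because the count is global, one connection holding many statements is enough to make `prepare` fail for every other connection until statements are closed or that connection ends.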
sql_class.cc 45.9 KB