Fix for Bug #27944 Filtering THD::client capabilities
The server used to trust blindly information from the client about its capabilities. During the connection handshake the server sends information about what it supports and then the client sends back a set of capabilities which cover all of the server's or less. Before this changeset the server didn't check whether the flags sent by the client were valid for the server. For example, if the server doesn't support compressed protocol but the client does and sends that bit turned on, the server didn't check it. The change make the server code less error prone to problems related to the value of THD::client_capabilities. Clearly there is no vulnerability being fixed but this is a maintainenance fix to prevent misusage in the future.
Showing
Please register or sign in to comment