Commit 74394b27 authored by unknown's avatar unknown

Merge lambda.hsd1.co.comcast.net.:/home/malff/TREE/mysql-5.0-base

into  lambda.hsd1.co.comcast.net.:/home/malff/TREE/mysql-5.0-rt-merge

parents 1de7e5c0 2ace967a
...@@ -706,7 +706,8 @@ int cli_read_change_user_result(MYSQL *mysql, char *buff, const char *passwd) ...@@ -706,7 +706,8 @@ int cli_read_change_user_result(MYSQL *mysql, char *buff, const char *passwd)
my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user, my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user,
const char *passwd, const char *db) const char *passwd, const char *db)
{ {
char buff[512],*end=buff; char buff[USERNAME_LENGTH+SCRAMBLED_PASSWORD_CHAR_LENGTH+NAME_LEN+2];
char *end= buff;
int rc; int rc;
DBUG_ENTER("mysql_change_user"); DBUG_ENTER("mysql_change_user");
...@@ -716,7 +717,7 @@ my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user, ...@@ -716,7 +717,7 @@ my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user,
passwd=""; passwd="";
/* Store user into the buffer */ /* Store user into the buffer */
end=strmov(end,user)+1; end= strmake(end, user, USERNAME_LENGTH) + 1;
/* write scrambled password according to server capabilities */ /* write scrambled password according to server capabilities */
if (passwd[0]) if (passwd[0])
...@@ -736,7 +737,7 @@ my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user, ...@@ -736,7 +737,7 @@ my_bool STDCALL mysql_change_user(MYSQL *mysql, const char *user,
else else
*end++= '\0'; /* empty password */ *end++= '\0'; /* empty password */
/* Add database if needed */ /* Add database if needed */
end= strmov(end, db ? db : "") + 1; end= strmake(end, db ? db : "", NAME_LEN) + 1;
/* Write authentication package */ /* Write authentication package */
simple_command(mysql,COM_CHANGE_USER, buff,(ulong) (end-buff),1); simple_command(mysql,COM_CHANGE_USER, buff,(ulong) (end-buff),1);
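Review bot: The two `strmake` calls silently truncate an over-long `user` or `db` and the request is still sent, so a caller passing a name longer than `USERNAME_LENGTH` attempts to authenticate as the truncated prefix instead of getting a local error. Rejecting over-long input before the buffer is filled would make that failure explicit. The new `buff` size is also unexplained arithmetic; a comment on the declaration such as `/* user + NUL, scrambled password, db + NUL */` would let a reader check it. The password branch lies between the visible hunks, so it cannot be confirmed from here that it never writes more than `SCRAMBLED_PASSWORD_CHAR_LENGTH` bytes. The function body starts and ends outside the hunks shown.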
......
...@@ -4096,4 +4096,39 @@ SELECT `x` FROM v3; ...@@ -4096,4 +4096,39 @@ SELECT `x` FROM v3;
x x
1 1
DROP VIEW v1, v2, v3; DROP VIEW v1, v2, v3;
#
# Bug#30736: Row Size Too Large Error Creating a Table and
# Inserting Data.
#
DROP TABLE IF EXISTS t1;
DROP TABLE IF EXISTS t2;
CREATE TABLE t1(
c1 DECIMAL(10, 2),
c2 FLOAT);
INSERT INTO t1 VALUES (0, 1), (2, 3), (4, 5);
CREATE TABLE t2(
c3 DECIMAL(10, 2))
SELECT
c1 * c2 AS c3
FROM t1;
SELECT * FROM t1;
c1 c2
0.00 1
2.00 3
4.00 5
SELECT * FROM t2;
c3
0.00
6.00
20.00
DROP TABLE t1;
DROP TABLE t2;
End of 5.0 tests End of 5.0 tests
...@@ -3484,4 +3484,52 @@ DROP VIEW v1, v2, v3; ...@@ -3484,4 +3484,52 @@ DROP VIEW v1, v2, v3;
--enable_ps_protocol --enable_ps_protocol
###########################################################################
--echo
--echo #
--echo # Bug#30736: Row Size Too Large Error Creating a Table and
--echo # Inserting Data.
--echo #
--disable_warnings
DROP TABLE IF EXISTS t1;
DROP TABLE IF EXISTS t2;
--enable_warnings
--echo
CREATE TABLE t1(
c1 DECIMAL(10, 2),
c2 FLOAT);
--echo
INSERT INTO t1 VALUES (0, 1), (2, 3), (4, 5);
--echo
CREATE TABLE t2(
c3 DECIMAL(10, 2))
SELECT
c1 * c2 AS c3
FROM t1;
--echo
SELECT * FROM t1;
--echo
SELECT * FROM t2;
--echo
DROP TABLE t1;
DROP TABLE t2;
--echo
###########################################################################
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -311,7 +311,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -311,7 +311,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
continue; continue;
} }
const char *password= get_field(&mem, table->field[2]); const char *password= get_field(thd->mem_root, table->field[2]);
uint password_len= password ? strlen(password) : 0; uint password_len= password ? strlen(password) : 0;
set_user_salt(&user, password, password_len); set_user_salt(&user, password, password_len);
if (user.salt_len == 0 && password_len != 0) if (user.salt_len == 0 && password_len != 0)
...@@ -364,7 +364,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -364,7 +364,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
/* Starting from 4.0.2 we have more fields */ /* Starting from 4.0.2 we have more fields */
if (table->s->fields >= 31) if (table->s->fields >= 31)
{ {
char *ssl_type=get_field(&mem, table->field[next_field++]); char *ssl_type=get_field(thd->mem_root, table->field[next_field++]);
if (!ssl_type) if (!ssl_type)
user.ssl_type=SSL_TYPE_NONE; user.ssl_type=SSL_TYPE_NONE;
else if (!strcmp(ssl_type, "ANY")) else if (!strcmp(ssl_type, "ANY"))
...@@ -378,11 +378,11 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -378,11 +378,11 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
user.x509_issuer= get_field(&mem, table->field[next_field++]); user.x509_issuer= get_field(&mem, table->field[next_field++]);
user.x509_subject= get_field(&mem, table->field[next_field++]); user.x509_subject= get_field(&mem, table->field[next_field++]);
char *ptr = get_field(&mem, table->field[next_field++]); char *ptr = get_field(thd->mem_root, table->field[next_field++]);
user.user_resource.questions=ptr ? atoi(ptr) : 0; user.user_resource.questions=ptr ? atoi(ptr) : 0;
ptr = get_field(&mem, table->field[next_field++]); ptr = get_field(thd->mem_root, table->field[next_field++]);
user.user_resource.updates=ptr ? atoi(ptr) : 0; user.user_resource.updates=ptr ? atoi(ptr) : 0;
ptr = get_field(&mem, table->field[next_field++]); ptr = get_field(thd->mem_root, table->field[next_field++]);
user.user_resource.conn_per_hour= ptr ? atoi(ptr) : 0; user.user_resource.conn_per_hour= ptr ? atoi(ptr) : 0;
if (user.user_resource.questions || user.user_resource.updates || if (user.user_resource.questions || user.user_resource.updates ||
user.user_resource.conn_per_hour) user.user_resource.conn_per_hour)
...@@ -391,7 +391,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -391,7 +391,7 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
if (table->s->fields >= 36) if (table->s->fields >= 36)
{ {
/* Starting from 5.0.3 we have max_user_connections field */ /* Starting from 5.0.3 we have max_user_connections field */
ptr= get_field(&mem, table->field[next_field++]); ptr= get_field(thd->mem_root, table->field[next_field++]);
user.user_resource.user_conn= ptr ? atoi(ptr) : 0; user.user_resource.user_conn= ptr ? atoi(ptr) : 0;
} }
else else
...@@ -4898,6 +4898,7 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop, ...@@ -4898,6 +4898,7 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop,
byte user_key[MAX_KEY_LENGTH]; byte user_key[MAX_KEY_LENGTH];
uint key_prefix_length; uint key_prefix_length;
DBUG_ENTER("handle_grant_table"); DBUG_ENTER("handle_grant_table");
THD *thd= current_thd;
if (! table_no) // mysql.user table if (! table_no) // mysql.user table
{ {
...@@ -4965,17 +4966,18 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop, ...@@ -4965,17 +4966,18 @@ static int handle_grant_table(TABLE_LIST *tables, uint table_no, bool drop,
DBUG_PRINT("info",("scan error: %d", error)); DBUG_PRINT("info",("scan error: %d", error));
continue; continue;
} }
if (! (host= get_field(&mem, host_field))) if (! (host= get_field(thd->mem_root, host_field)))
host= ""; host= "";
if (! (user= get_field(&mem, user_field))) if (! (user= get_field(thd->mem_root, user_field)))
user= ""; user= "";
#ifdef EXTRA_DEBUG #ifdef EXTRA_DEBUG
DBUG_PRINT("loop",("scan fields: '%s'@'%s' '%s' '%s' '%s'", DBUG_PRINT("loop",("scan fields: '%s'@'%s' '%s' '%s' '%s'",
user, host, user, host,
get_field(&mem, table->field[1]) /*db*/, get_field(thd->mem_root, table->field[1]) /*db*/,
get_field(&mem, table->field[3]) /*table*/, get_field(thd->mem_root, table->field[3]) /*table*/,
get_field(&mem, table->field[4]) /*column*/)); get_field(thd->mem_root,
table->field[4]) /*column*/));
#endif #endif
if (strcmp(user_str, user) || if (strcmp(user_str, user) ||
my_strcasecmp(system_charset_info, host_str, host)) my_strcasecmp(system_charset_info, host_str, host))
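Review bot: After this change `acl_load` mixes two allocators a few lines apart, with `user.x509_issuer` and `user.x509_subject` still taken from `&mem` while `password`, `ssl_type` and `ptr` come from `thd->mem_root`, and nothing in the code says why. The rule appears to be that only pointers stored in `user` must live on the ACL root and scratch strings go to the statement root; if a later edit moves a retained pointer to `thd->mem_root`, the ACL data would presumably hold a dangling pointer once the statement ends. A comment above the first call, for example `/* scratch values only: anything stored in 'user' must be allocated from &mem */`, would record that. Separately, in `handle_grant_table` the `EXTRA_DEBUG` `DBUG_PRINT` passes three `get_field` results straight to `%s` without the NULL fallback that `host` and `user` get just above.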
......
...@@ -955,8 +955,8 @@ static int mysql_prepare_table(THD *thd, HA_CREATE_INFO *create_info, ...@@ -955,8 +955,8 @@ static int mysql_prepare_table(THD *thd, HA_CREATE_INFO *create_info,
sql_field->length= dup_field->char_length; sql_field->length= dup_field->char_length;
sql_field->pack_length= dup_field->pack_length; sql_field->pack_length= dup_field->pack_length;
sql_field->key_length= dup_field->key_length; sql_field->key_length= dup_field->key_length;
sql_field->create_length_to_internal_length();
sql_field->decimals= dup_field->decimals; sql_field->decimals= dup_field->decimals;
sql_field->create_length_to_internal_length();
sql_field->unireg_check= dup_field->unireg_check; sql_field->unireg_check= dup_field->unireg_check;
/* /*
We're making one field from two, the result field will have We're making one field from two, the result field will have
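Review bot: The change relies on statement order, since `sql_field->decimals` now has to be assigned before `create_length_to_internal_length()` runs, but nothing at the call site says so and a later reordering could undo what is apparently the fix for Bug#30736. A one-line comment above the call would pin it, for example `/* must follow the assignment of decimals, see Bug#30736 */`. The enclosing block of `mysql_prepare_table` starts and ends outside the hunk.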
......
...@@ -15864,6 +15864,99 @@ static void test_bug29306() ...@@ -15864,6 +15864,99 @@ static void test_bug29306()
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
} }
/**
Bug#31669 Buffer overflow in mysql_change_user()
*/
#define LARGE_BUFFER_SIZE 2048
static void test_bug31669()
{
int rc;
static char buff[LARGE_BUFFER_SIZE+1];
#ifndef EMBEDDED_LIBRARY
static char user[USERNAME_LENGTH+1];
static char db[NAME_LEN+1];
static char query[LARGE_BUFFER_SIZE*2];
#endif
DBUG_ENTER("test_bug31669");
myheader("test_bug31669");
rc= mysql_change_user(mysql, NULL, NULL, NULL);
DIE_UNLESS(rc);
rc= mysql_change_user(mysql, "", "", "");
DIE_UNLESS(rc);
memset(buff, 'a', sizeof(buff));
rc= mysql_change_user(mysql, buff, buff, buff);
DIE_UNLESS(rc);
rc = mysql_change_user(mysql, opt_user, opt_password, current_db);
DIE_UNLESS(!rc);
#ifndef EMBEDDED_LIBRARY
memset(db, 'a', sizeof(db));
db[NAME_LEN]= 0;
strxmov(query, "CREATE DATABASE IF NOT EXISTS ", db, NullS);
rc= mysql_query(mysql, query);
myquery(rc);
memset(user, 'b', sizeof(user));
user[USERNAME_LENGTH]= 0;
memset(buff, 'c', sizeof(buff));
buff[LARGE_BUFFER_SIZE]= 0;
strxmov(query, "GRANT ALL PRIVILEGES ON *.* TO '", user, "'@'%' IDENTIFIED BY "
"'", buff, "' WITH GRANT OPTION", NullS);
rc= mysql_query(mysql, query);
myquery(rc);
rc= mysql_query(mysql, "FLUSH PRIVILEGES");
myquery(rc);
rc= mysql_change_user(mysql, user, buff, db);
DIE_UNLESS(!rc);
user[USERNAME_LENGTH-1]= 'a';
rc= mysql_change_user(mysql, user, buff, db);
DIE_UNLESS(rc);
user[USERNAME_LENGTH-1]= 'b';
buff[LARGE_BUFFER_SIZE-1]= 'd';
rc= mysql_change_user(mysql, user, buff, db);
DIE_UNLESS(rc);
buff[LARGE_BUFFER_SIZE-1]= 'c';
db[NAME_LEN-1]= 'e';
rc= mysql_change_user(mysql, user, buff, db);
DIE_UNLESS(rc);
db[NAME_LEN-1]= 'a';
rc= mysql_change_user(mysql, user, buff, db);
DIE_UNLESS(!rc);
rc= mysql_change_user(mysql, user + 1, buff + 1, db + 1);
DIE_UNLESS(rc);
rc = mysql_change_user(mysql, opt_user, opt_password, current_db);
DIE_UNLESS(!rc);
strxmov(query, "DROP DATABASE ", db, NullS);
rc= mysql_query(mysql, query);
myquery(rc);
strxmov(query, "DELETE FROM mysql.user WHERE User='", user, "'", NullS);
rc= mysql_query(mysql, query);
myquery(rc);
DIE_UNLESS(mysql_affected_rows(mysql) == 1);
#endif
DBUG_VOID_RETURN;
}
/* /*
Read and parse arguments and MySQL options from my.cnf Read and parse arguments and MySQL options from my.cnf
*/ */
...@@ -16156,6 +16249,7 @@ static struct my_tests_st my_tests[]= { ...@@ -16156,6 +16249,7 @@ static struct my_tests_st my_tests[]= {
{ "test_bug27592", test_bug27592 }, { "test_bug27592", test_bug27592 },
{ "test_bug29948", test_bug29948 }, { "test_bug29948", test_bug29948 },
{ "test_bug29306", test_bug29306 }, { "test_bug29306", test_bug29306 },
{ "test_bug31669", test_bug31669 },
{ 0, 0 } { 0, 0 }
}; };
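Review bot: In `test_bug31669` the first `memset(buff, 'a', sizeof(buff));` fills all `LARGE_BUFFER_SIZE+1` bytes and leaves `buff` without a terminator before it is passed as `user`, `passwd` and `db`. The two names are bounded by `strmake`, but the password path is not visible here and presumably measures the string, which would read past the array. Adding `buff[LARGE_BUFFER_SIZE]= 0;` after that `memset`, as the test already does for the `'c'` fill, removes the overread. The cleanup also deletes the all-privileges account with a plain `DELETE FROM mysql.user` and no following `FLUSH PRIVILEGES`, so the grant may stay in the server's in-memory privilege data after the test. That cleanup is skipped entirely if an earlier `DIE_UNLESS` aborts.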
......