bug #29801 Federated engine crashes local server

if remote server sends malicious response. We need to check if the SHOW TABLE STATUS query we issue inside the FEDERATED engine returned the result with the proper (or just sufficient) number of rows. Otherwise statements like row[12] can crash the server.

bug #29801 Federated engine crashes local server
if remote server sends malicious response. We need to check if the SHOW TABLE STATUS query we issue inside the FEDERATED engine returned the result with the proper (or just sufficient) number of rows. Otherwise statements like row[12] can crash the server.
f8958d05 · holyfoot/hf@mysql.com/hfmain.(none) · a6b5121b · f8958d05
Commit f8958d05 authored Oct 15, 2007 by holyfoot/hf@mysql.com/hfmain.(none)
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

sql/ha_federated.cc sql/ha_federated.cc +6 -1

No files found.
--- a/sql/ha_federated.cc
+++ b/sql/ha_federated.cc
@@ -2528,7 +2528,12 @@ int ha_federated::info(uint flag)
    status_query_string.length(0);

    result= mysql_store_result(mysql);
-    if (!result)
+
+    /*
+      We're going to use fields num. 4, 12 and 13 of the resultset,
+      so make sure we have these fields.
+    */
+    if (!result || (mysql_num_fields(result) < 14))
      goto error;

    if (!mysql_num_rows(result))