1
#! /bin/sh /usr/share/dpatch/dpatch-run
2
# Description: fix denial of service via large packets
3
# Origin: backport, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1-bugteam/revision/1810.3987.14
4
# Bug: http://bugs.mysql.com/bug.php?id=50974
5
# Bug: http://bugs.mysql.com/bug.php?id=53908
6
# Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582526
9
diff -urNad mysql-dfsg-5.1-5.1.41~/include/mysql_com.h mysql-dfsg-5.1-5.1.41/include/mysql_com.h
10
--- mysql-dfsg-5.1-5.1.41~/include/mysql_com.h 2009-11-04 13:28:16.000000000 -0500
11
+++ mysql-dfsg-5.1-5.1.41/include/mysql_com.h 2010-05-26 08:03:31.000000000 -0400
13
/** Client library sqlstate buffer. Set along with the error message. */
14
char sqlstate[SQLSTATE_LENGTH+1];
16
+#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)
18
+ Controls whether a big packet should be skipped.
20
+ Initially set to FALSE by default. Unauthenticated sessions must have
21
+ this set to FALSE so that the server can't be tricked to read packets
24
+ my_bool skip_big_packet;
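Review bot: `skip_big_packet` is declared only under `#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)`, so the layout of the enclosing struct now depends on which macros each translation unit defines before it includes mysql_com.h. Any server-side object that includes the header without `MYSQL_SERVER` defined would see a different layout from net_serv.cc. The rest of the struct is not visible in this view, so it cannot be confirmed here that the member is the last one. The comment should also state where the flag changes, for example `Reset to FALSE when the NET is initialised; set to TRUE only after authentication succeeds.`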
29
diff -urNad mysql-dfsg-5.1-5.1.41~/sql/net_serv.cc mysql-dfsg-5.1-5.1.41/sql/net_serv.cc
30
--- mysql-dfsg-5.1-5.1.41~/sql/net_serv.cc 2009-11-04 13:31:01.000000000 -0500
31
+++ mysql-dfsg-5.1-5.1.41/sql/net_serv.cc 2010-05-26 08:03:31.000000000 -0400
34
net->query_cache_query= 0;
36
+#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)
37
+ net->skip_big_packet= FALSE;
40
if (vio != 0) /* If real connection */
44
#if defined(MYSQL_SERVER) && !defined(NO_ALARM)
46
+ net->skip_big_packet &&
47
!my_net_skip_rest(net, (uint32) len, &alarmed, &alarm_buff))
48
net->error= 3; /* Successfully skiped packet */
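Review bot: The new `net->skip_big_packet &&` test sits under `#if defined(MYSQL_SERVER) && !defined(NO_ALARM)`, while the member is declared and initialised under `#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)`. A build that defines `MYSQL_SERVER` and `EMBEDDED_LIBRARY` but not `NO_ALARM` would reference a member that does not exist. Either declare the member under the condition the read path uses, or add a comment such as `/* embedded builds define NO_ALARM, so this branch is never compiled there */` once that has been confirmed. The enclosing function starts and ends outside the visible lines, so what happens to an oversized packet when the flag is FALSE is not shown. A regression test that sends an oversized packet before authentication would pin the intended behaviour.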
50
diff -urNad mysql-dfsg-5.1-5.1.41~/sql/sql_connect.cc mysql-dfsg-5.1-5.1.41/sql/sql_connect.cc
51
--- mysql-dfsg-5.1-5.1.41~/sql/sql_connect.cc 2009-11-04 13:31:04.000000000 -0500
52
+++ mysql-dfsg-5.1-5.1.41/sql/sql_connect.cc 2010-05-26 08:04:16.000000000 -0400
56
thd->password= test(passwd_len); // remember for error messages
58
+ Allow the network layer to skip big packets. Although a malicious
59
+ authenticated session might use this to trick the server to read
60
+ big packets indefinitely, this is a previously established behavior
61
+ that needs to be preserved as to not break backwards compatibility.
63
+#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)
64
+ thd->net.skip_big_packet= TRUE;
66
/* Ready to handle queries */
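Review bot: `thd->net.skip_big_packet= TRUE;` is set once here and nothing visible clears it again, so if this path is also reached on re-authentication, a session that later fails a user change could keep the skip behaviour. The enclosing function starts and ends outside this view, so this needs checking against its callers. The added comment accepts that an authenticated session can still keep the server reading oversized packets, but does not say what bounds that. If the read timeout is the limit, the comment should record it, for example `Residual risk: bounded only by the network read timeout; see Bug#50974.`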