~ubuntu-branches/ubuntu/lucid/mysql-dfsg-5.1/lucid-security


Viewing changes to debian/patches/57_CVE-2010-1849.dpatch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-02-22 22:33:55 UTC
  • mfrom: (1.1.5)
  • Revision ID: package-import@ubuntu.com-20120222223355-or06x1euyk8n0ldi
Tags: 5.1.61-0ubuntu0.10.04.1
* SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
  (LP: #937869)
  - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
  - CVE-2011-2262
  - CVE-2012-0075
  - CVE-2012-0112
  - CVE-2012-0113
  - CVE-2012-0114
  - CVE-2012-0115
  - CVE-2012-0116
  - CVE-2012-0117
  - CVE-2012-0118
  - CVE-2012-0119
  - CVE-2012-0120
  - CVE-2012-0484
  - CVE-2012-0485
  - CVE-2012-0486
  - CVE-2012-0487
  - CVE-2012-0488
  - CVE-2012-0489
  - CVE-2012-0490
  - CVE-2012-0491
  - CVE-2012-0492
  - CVE-2012-0493
  - CVE-2012-0494
  - CVE-2012-0495
  - CVE-2012-0496
* Dropped patches unnecessary with 5.1.61:
  - debian/patches/90_mysql_safer_strmov.dpatch
  - debian/patches/51_ssl_test_certs.dpatch
  - debian/patches/52_CVE-2009-4030.dpatch
  - debian/patches/53_CVE-2009-4484.dpatch
  - debian/patches/54_CVE-2008-7247.dpatch
  - debian/patches/55_CVE-2010-1621.dpatch
  - debian/patches/56_CVE-2010-1850.dpatch
  - debian/patches/57_CVE-2010-1849.dpatch
  - debian/patches/58_CVE-2010-1848.dpatch
  - debian/patches/59_CVE-2010-1626.dpatch
  - debian/patches/60_CVE-2010-2008.dpatch
  - debian/patches/60_CVE-2010-3677.dpatch
  - debian/patches/60_CVE-2010-3678.dpatch
  - debian/patches/60_CVE-2010-3679.dpatch
  - debian/patches/60_CVE-2010-3680.dpatch
  - debian/patches/60_CVE-2010-3681.dpatch
  - debian/patches/60_CVE-2010-3682.dpatch
  - debian/patches/60_CVE-2010-3683.dpatch
  - debian/patches/60_CVE-2010-3833.dpatch
  - debian/patches/60_CVE-2010-3834.dpatch
  - debian/patches/60_CVE-2010-3835.dpatch
  - debian/patches/60_CVE-2010-3836.dpatch
  - debian/patches/60_CVE-2010-3837.dpatch
  - debian/patches/60_CVE-2010-3838.dpatch
  - debian/patches/60_CVE-2010-3839.dpatch
  - debian/patches/60_CVE-2010-3840.dpatch
  - debian/patches/61_disable_longfilename_test.dpatch
  - debian/patches/62_alter_table_fix.dpatch
  - debian/patches/63_cherrypick-upstream-49479.dpatch
  - debian/patches/10_readline_build_fix.dpatch
* debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
* debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
  debian/libmysqlclient-dev.docs: removed, no longer necessary.

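--- a/debian/patches/57_CVE-2010-1849.dpatch
+++ b/debian/patches/57_CVE-2010-1849.dpatch
@@ -1,68 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-# Description: fix denial of service via large packets
-# Origin: backport, http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1-bugteam/revision/1810.3987.14
-# Bug: http://bugs.mysql.com/bug.php?id=50974
-# Bug: http://bugs.mysql.com/bug.php?id=53908
-# Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582526
- 
-@DPATCH@
-diff -urNad mysql-dfsg-5.1-5.1.41~/include/mysql_com.h mysql-dfsg-5.1-5.1.41/include/mysql_com.h
---- mysql-dfsg-5.1-5.1.41~/include/mysql_com.h  2009-11-04 13:28:16.000000000 -0500
-+++ mysql-dfsg-5.1-5.1.41/include/mysql_com.h   2010-05-26 08:03:31.000000000 -0400
-@@ -277,6 +277,16 @@
-   /** Client library sqlstate buffer. Set along with the error message. */
-   char sqlstate[SQLSTATE_LENGTH+1];
-   void *extension;
-+#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)
-+  /*
-+    Controls whether a big packet should be skipped.
-+
-+    Initially set to FALSE by default. Unauthenticated sessions must have
-+    this set to FALSE so that the server can't be tricked to read packets
-+    indefinitely.
-+  */
-+  my_bool skip_big_packet;
-+#endif
- } NET;
- 
- 
-diff -urNad mysql-dfsg-5.1-5.1.41~/sql/net_serv.cc mysql-dfsg-5.1-5.1.41/sql/net_serv.cc
---- mysql-dfsg-5.1-5.1.41~/sql/net_serv.cc      2009-11-04 13:31:01.000000000 -0500
-+++ mysql-dfsg-5.1-5.1.41/sql/net_serv.cc       2010-05-26 08:03:31.000000000 -0400
-@@ -136,6 +136,9 @@
- #else
-   net->query_cache_query= 0;
- #endif
-+#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)
-+  net->skip_big_packet= FALSE;
-+#endif
- 
-   if (vio != 0)                                        /* If real connection */
-   {
-@@ -949,6 +952,7 @@
-          {
- #if defined(MYSQL_SERVER) && !defined(NO_ALARM)
-            if (!net->compress &&
-+                net->skip_big_packet &&
-                !my_net_skip_rest(net, (uint32) len, &alarmed, &alarm_buff))
-              net->error= 3;            /* Successfully skiped packet */
- #endif
-diff -urNad mysql-dfsg-5.1-5.1.41~/sql/sql_connect.cc mysql-dfsg-5.1-5.1.41/sql/sql_connect.cc
---- mysql-dfsg-5.1-5.1.41~/sql/sql_connect.cc   2009-11-04 13:31:04.000000000 -0500
-+++ mysql-dfsg-5.1-5.1.41/sql/sql_connect.cc    2010-05-26 08:04:16.000000000 -0400
-@@ -471,6 +471,15 @@
-       }
-       my_ok(thd);
-       thd->password= test(passwd_len);          // remember for error messages 
-+      /*
-+        Allow the network layer to skip big packets. Although a malicious
-+        authenticated session might use this to trick the server to read
-+        big packets indefinitely, this is a previously established behavior
-+        that needs to be preserved as to not break backwards compatibility.
-+      */
-+#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY)
-+      thd->net.skip_big_packet= TRUE;
-+#endif
-       /* Ready to handle queries */
-       DBUG_RETURN(0);
-     }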