644
#ifndef EMBEDDED_LIBRARY
646
/** Get a string according to the protocol of the underlying buffer. */
647
typedef char * (*get_proto_string_func_t) (char **, size_t *, size_t *);
650
Get a string formatted according to the 4.1 version of the MySQL protocol.
652
@param buffer[in, out] Pointer to the user-supplied buffer to be scanned.
653
@param max_bytes_available[in, out] Limit the bytes to scan.
654
@param string_length[out] The number of characters scanned not including
657
@remark Strings are always null character terminated in this version of the
660
@remark The string_length does not include the terminating null character.
661
However, after the call, the buffer is increased by string_length+1
662
bytes, beyond the null character if there still available bytes to
665
@return pointer to beginning of the string scanned.
666
@retval NULL The buffer content is malformed
670
char *get_41_protocol_string(char **buffer,
671
size_t *max_bytes_available,
672
size_t *string_length)
674
char *str= (char *)memchr(*buffer, '\0', *max_bytes_available);
679
*string_length= (size_t)(str - *buffer);
680
*max_bytes_available-= *string_length + 1;
682
*buffer += *string_length + 1;
689
Get a string formatted according to the 4.0 version of the MySQL protocol.
691
@param buffer[in, out] Pointer to the user-supplied buffer to be scanned.
692
@param max_bytes_available[in, out] Limit the bytes to scan.
693
@param string_length[out] The number of characters scanned not including
696
@remark If there are not enough bytes left after the current position of
697
the buffer to satisfy the current string, the string is considered
698
to be empty and a pointer to empty_c_string is returned.
700
@remark A string at the end of the packet is not null terminated.
702
@return Pointer to beginning of the string scanned, or a pointer to a empty
706
char *get_40_protocol_string(char **buffer,
707
size_t *max_bytes_available,
708
size_t *string_length)
713
/* No bytes to scan left, treat string as empty. */
714
if ((*max_bytes_available) == 0)
717
return empty_c_string;
720
str= (char *) memchr(*buffer, '\0', *max_bytes_available);
723
If the string was not null terminated by the client,
724
the remainder of the packet is the string. Otherwise,
725
advance the buffer past the end of the null terminated
729
len= *string_length= *max_bytes_available;
731
len= (*string_length= (size_t)(str - *buffer)) + 1;
735
*max_bytes_available-= len;
742
Get a length encoded string from a user-supplied buffer.
744
@param buffer[in, out] The buffer to scan; updates position after scan.
745
@param max_bytes_available[in, out] Limit the number of bytes to scan
746
@param string_length[out] Number of characters scanned
748
@remark In case the length is zero, then the total size of the string is
749
considered to be 1 byte; the size byte.
751
@return pointer to first byte after the header in buffer.
752
@retval NULL The buffer content is malformed
756
char *get_length_encoded_string(char **buffer,
757
size_t *max_bytes_available,
758
size_t *string_length)
760
if (*max_bytes_available == 0)
763
/* Do double cast to prevent overflow from signed / unsigned conversion */
764
size_t str_len= (size_t)(unsigned char)**buffer;
767
If the length encoded string has the length 0
768
the total size of the string is only one byte long (the size byte)
775
Return a pointer to the 0 character so the return value will be
781
if (str_len >= *max_bytes_available)
784
char *str= *buffer+1;
785
*string_length= str_len;
786
*max_bytes_available-= *string_length + 1;
787
*buffer+= *string_length + 1;
634
793
Perform handshake, authorize client and update thd ACL variables.
776
940
if (thd->packet.alloc(thd->variables.net_buffer_length))
777
941
return 1; /* The error is set by alloc(). */
779
thd->client_capabilities= uint2korr(net->read_pos);
780
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
782
thd->client_capabilities|= ((ulong) uint2korr(net->read_pos+2)) << 16;
783
thd->max_client_packet_length= uint4korr(net->read_pos+4);
784
DBUG_PRINT("info", ("client_character_set: %d", (uint) net->read_pos[8]));
785
thd_init_client_charset(thd, (uint) net->read_pos[8]);
786
thd->update_charset();
787
end= (char*) net->read_pos+32;
791
thd->max_client_packet_length= uint3korr(net->read_pos+2);
792
end= (char*) net->read_pos+5;
943
uint charset_code= 0;
944
end= (char *)net->read_pos;
946
In order to safely scan a head for '\0' string terminators
947
we must keep track of how many bytes remain in the allocated
948
buffer or we might read past the end of the buffer.
950
size_t bytes_remaining_in_packet= pkt_len;
953
Peek ahead on the client capability packet and determine which version of
954
the protocol should be used.
956
if (bytes_remaining_in_packet < 2)
959
thd->client_capabilities= uint2korr(end);
962
Connector/J only sends client capabilities (4 bytes) before starting SSL
963
negotiation so we don't have char_set and other information for client in
964
packet read. In that case, skip reading those information. The below code
967
if(bytes_remaining_in_packet == AUTH_PACKET_HEADER_SIZE_CONNJ_SSL &&
968
(thd->client_capabilities & CLIENT_SSL))
970
thd->client_capabilities= uint4korr(end);
971
thd->max_client_packet_length= global_system_variables.max_allowed_packet;
972
charset_code= default_charset_info->number;
973
end+= AUTH_PACKET_HEADER_SIZE_CONNJ_SSL;
974
bytes_remaining_in_packet-= AUTH_PACKET_HEADER_SIZE_CONNJ_SSL;
978
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
979
packet_has_required_size= bytes_remaining_in_packet >=
980
AUTH_PACKET_HEADER_SIZE_PROTO_41;
982
packet_has_required_size= bytes_remaining_in_packet >=
983
AUTH_PACKET_HEADER_SIZE_PROTO_40;
985
if (!packet_has_required_size)
988
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
990
thd->client_capabilities= uint4korr(end);
991
thd->max_client_packet_length= uint4korr(end + 4);
992
charset_code= (uint)(uchar)*(end + 8);
994
Skip 23 remaining filler bytes which have no particular meaning.
996
end+= AUTH_PACKET_HEADER_SIZE_PROTO_41;
997
bytes_remaining_in_packet-= AUTH_PACKET_HEADER_SIZE_PROTO_41;
1001
thd->client_capabilities= uint2korr(end);
1002
thd->max_client_packet_length= uint3korr(end + 2);
1003
end+= AUTH_PACKET_HEADER_SIZE_PROTO_40;
1004
bytes_remaining_in_packet-= AUTH_PACKET_HEADER_SIZE_PROTO_40;
1006
Old clients didn't have their own charset. Instead the assumption
1007
was that they used what ever the server used.
1009
charset_code= default_charset_info->number;
1014
DBUG_PRINT("info", ("client_character_set: %u", charset_code));
1015
if (thd_init_client_charset(thd, charset_code))
1017
thd->update_charset();
795
1020
Disable those bits which are not supported by the server.
796
1021
This is a precautionary measure, if the client lies. See Bug#27944.
801
1026
thd->variables.sql_mode|= MODE_IGNORE_SPACE;
802
1027
#ifdef HAVE_OPENSSL
803
1028
DBUG_PRINT("info", ("client capabilities: %lu", thd->client_capabilities));
1031
If client requested SSL then we must stop parsing, try to switch to SSL,
1032
and wait for the client to send a new handshake packet.
1033
The client isn't expected to send any more bytes until SSL is initialized.
804
1035
if (thd->client_capabilities & CLIENT_SSL)
806
1037
/* Do the SSL layering. */
807
1038
if (!ssl_acceptor_fd)
809
inc_host_errors(&thd->remote.sin_addr);
810
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
813
1041
DBUG_PRINT("info", ("IO layer change in progress..."));
814
1042
if (sslaccept(ssl_acceptor_fd, net->vio, net->read_timeout))
816
1044
DBUG_PRINT("error", ("Failed to accept new SSL connection"));
817
inc_host_errors(&thd->remote.sin_addr);
818
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
821
1048
DBUG_PRINT("info", ("Reading user information over SSL layer"));
822
if ((pkt_len= my_net_read(net)) == packet_error ||
823
pkt_len < NORMAL_HANDSHAKE_SIZE)
1049
if ((pkt_len= my_net_read(net)) == packet_error)
825
1051
DBUG_PRINT("error", ("Failed to read user information (pkt_len= %lu)",
827
inc_host_errors(&thd->remote.sin_addr);
828
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
1056
A new packet was read and the statistics reflecting the remaining bytes
1057
in the packet must be updated.
1059
bytes_remaining_in_packet= pkt_len;
1062
After the SSL handshake is performed the client resends the handshake
1063
packet but because of legacy reasons we chose not to parse the packet
1064
fields a second time and instead only assert the length of the packet.
1066
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
1069
packet_has_required_size= bytes_remaining_in_packet >=
1070
AUTH_PACKET_HEADER_SIZE_PROTO_41;
1071
end= (char *)net->read_pos + AUTH_PACKET_HEADER_SIZE_PROTO_41;
1072
bytes_remaining_in_packet -= AUTH_PACKET_HEADER_SIZE_PROTO_41;
1076
packet_has_required_size= bytes_remaining_in_packet >=
1077
AUTH_PACKET_HEADER_SIZE_PROTO_40;
1078
end= (char *)net->read_pos + AUTH_PACKET_HEADER_SIZE_PROTO_40;
1079
bytes_remaining_in_packet -= AUTH_PACKET_HEADER_SIZE_PROTO_40;
1082
if (!packet_has_required_size)
832
1085
#endif /* HAVE_OPENSSL */
834
if (end >= (char*) net->read_pos+ pkt_len +2)
836
inc_host_errors(&thd->remote.sin_addr);
837
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
841
1087
if (thd->client_capabilities & CLIENT_INTERACTIVE)
842
1088
thd->variables.net_wait_timeout= thd->variables.net_interactive_timeout;
843
1089
if ((thd->client_capabilities & CLIENT_TRANSACTIONS) &&
844
1090
opt_using_transactions)
845
1091
net->return_status= &thd->server_status;
848
char *passwd= strend(user)+1;
849
uint user_len= passwd - user - 1;
1094
The 4.0 and 4.1 versions of the protocol differ on how strings
1095
are terminated. In the 4.0 version, if a string is at the end
1096
of the packet, the string is not null terminated. Do not assume
1097
that the returned string is always null terminated.
1099
get_proto_string_func_t get_string;
1101
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
1102
get_string= get_41_protocol_string;
1104
get_string= get_40_protocol_string;
1106
user= get_string(&end, &bytes_remaining_in_packet, &user_len);
1111
Old clients send a null-terminated string as password; new clients send
1112
the size (1 byte) + string (not null-terminated). Hence in case of empty
1113
password both send '\0'.
1118
if (thd->client_capabilities & CLIENT_SECURE_CONNECTION)
1121
4.1+ password. First byte is password length.
1123
passwd= get_length_encoded_string(&end, &bytes_remaining_in_packet,
1129
Old passwords are zero terminated strings.
1131
passwd= get_string(&end, &bytes_remaining_in_packet, &passwd_len);
1140
if (thd->client_capabilities & CLIENT_CONNECT_WITH_DB)
1142
db= get_string(&end, &bytes_remaining_in_packet, &db_len);
851
1147
char db_buff[NAME_LEN + 1]; // buffer to store db in utf8
852
1148
char user_buff[USERNAME_LENGTH + 1]; // buffer to store user in utf8
853
1149
uint dummy_errors;
856
Old clients send null-terminated string as password; new clients send
857
the size (1 byte) + string (not null-terminated). Hence in case of empty
858
password both send '\0'.
860
This strlen() can't be easily deleted without changing protocol.
862
Cast *passwd to an unsigned char, so that it doesn't extend the sign for
863
*passwd > 127 and become 2**32-127+ after casting to uint.
1152
Copy and convert the user and database names to the character set used
1153
by the server. Since 4.1 all database names are stored in UTF-8. Also,
1154
ensure that the names are properly null-terminated as this is relied
865
uint passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
866
(uchar)(*passwd++) : strlen(passwd);
867
db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
868
db + passwd_len + 1 : 0;
869
/* strlen() can't be easily deleted without changing protocol */
870
uint db_len= db ? strlen(db) : 0;
872
if (passwd + passwd_len + db_len > (char *)net->read_pos + pkt_len)
874
inc_host_errors(&thd->remote.sin_addr);
875
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
879
/* Since 4.1 all database names are stored in utf8 */
882
db_buff[copy_and_convert(db_buff, sizeof(db_buff)-1,
885
thd->charset(), &dummy_errors)]= 0;
1159
db_len= copy_and_convert(db_buff, sizeof(db_buff)-1, system_charset_info,
1160
db, db_len, thd->charset(), &dummy_errors);
1161
db_buff[db_len]= '\0';
889
user_buff[user_len= copy_and_convert(user_buff, sizeof(user_buff)-1,
890
system_charset_info, user, user_len,
891
thd->charset(), &dummy_errors)]= '\0';
1165
user_len= copy_and_convert(user_buff, sizeof(user_buff)-1,
1166
system_charset_info, user, user_len,
1167
thd->charset(), &dummy_errors);
1168
user_buff[user_len]= '\0';
892
1169
user= user_buff;
894
1171
/* If username starts and ends in "'", chop them off */