[MXS-477] readconnroute misinterprets data as COM_CHANGE_USER - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 1.2.1
Fix Version/s: 2.0.0
Component/s: readconnroute
Labels:
None

Description

If hex data with a value of 0x11 is being routed through readconnroute, it is possible that some of it is misinterpreted as a COM_CHANGE_USER causing the query to fail.

Example with a file containing only 0x11 values:

[markusjm@localhost ~]$ mysql -u maxuser -pmaxpwd -h 192.168.0.201 -P 4008 test -e "insert into t1 values (\"0x`cat /tmp/data|head -c 90800`\")"

ERROR 1045 (28000) at line 1: Access denied for user '��������������������������������������������������������������������������������������������������������������������������������'@'192.168.0.201' (using password: YES)

This is due to the fact that readconnroute supports COM_CHANGE_USER and reads the command byte from each network packet.

Attachments

Issue Links

is duplicated by

MXS-566 MEDIUMBLOB column update issues

Closed

relates to

MXS-300 LONGBLOB are currently not supported.

Closed

Activity

People

Assignee:: markus makela

Reporter:: markus makela

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2015-11-16 19:47

Updated:: 2016-08-11 09:44

Resolved:: 2016-05-31 09:46

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.