[CONC-384] Incorrect packet when a connect attribute name or value is equal to or greater than 251.
Created: 2019-01-03  Updated: 2019-02-07  Resolved: 2019-02-06

Status: Closed
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: 3.0.8
Fix Version/s: 3.0.9

Type: Bug
Priority: Major
Reporter: Kubo Takehiro
Assignee: Georg Richter
Resolution: Fixed
Votes: 0
Labels: None


 Description   

get_store_length() in libmariadb/mariadb_lib.c returns an incorrect value when the argument is between 251 and 16777215. So mysql->options.extension->connect_attrs_len is incorrect when a connect attribute name or value is equal to or greater than 251.

The function must be fixed as follows:

static size_t get_store_length(size_t length)
{
  if (length < (size_t) L64(251))
    return 1;
  if (length < (size_t) L64(65536))
    return 3; // change from 2 to 3 ('\xfc' + 2-byte integer)
  if (length < (size_t) L64(16777216))
    return 4; // change from 3 to 4 ('\xfd' + 3-byte integer)
  return 9;
}
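
The size mismatch described above, as an added example (not Connector/C code): it compares the old and proposed sizing against the bytes a length-encoded integer actually occupies. The names store_length_before, store_length_after, put_lenenc and undercount are hypothetical, and the 0xfe prefix for the 9-byte form comes from the MySQL/MariaDB protocol's length-encoded integer format, not from this report.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-fix sizing as described in the report: 2 and 3 for the middle ranges. */
static size_t store_length_before(size_t n)
{
  if (n < 251) return 1;
  if (n < 65536) return 2;
  if (n < 16777216) return 3;
  return 9;
}

/* Sizing proposed in the report: prefix byte plus 2- or 3-byte integer. */
static size_t store_length_after(size_t n)
{
  if (n < 251) return 1;
  if (n < 65536) return 3;
  if (n < 16777216) return 4;
  return 9;
}

/* Hypothetical encoder: writes n into buf (>= 9 bytes), returns bytes written. */
static size_t put_lenenc(unsigned char *buf, uint64_t n)
{
  size_t width, i;
  if (n < 251) { buf[0] = (unsigned char) n; return 1; }
  if (n < 65536) { buf[0] = 0xfc; width = 2; }
  else if (n < 16777216) { buf[0] = 0xfd; width = 3; }
  else { buf[0] = 0xfe; width = 8; }
  for (i = 0; i < width; i++)               /* little-endian payload */
    buf[1 + i] = (unsigned char) (n >> (8 * i));
  return 1 + width;
}

/* Bytes by which a sizing function under-counts the real encoding of n. */
static size_t undercount(size_t (*sizer)(size_t), size_t n)
{
  unsigned char buf[9];
  return put_lenenc(buf, n) - sizer(n);
}

int main(void)
{
  static const size_t samples[] = { 250, 251, 65535, 65536, 16777215, 16777216 };
  size_t i;
  for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf("%zu: before=%zu after=%zu\n", samples[i],
           undercount(store_length_before, samples[i]), undercount(store_length_after, samples[i]));
  return 0;
}
```

Each attribute name or value in the affected range makes the precomputed total one byte smaller than what is actually serialized, so the error grows with the number of such attributes.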



 Comments   
Comment by Georg Richter [ 2019-02-06 ]

Thanks for reporting this bug!

Fixed in 3.0.9
commit 70f2964dc4de116f4b50732cfec7cb566e082b4c
