[MXS-477] readconnroute misinterprets data as COM_CHANGE_USER Created: 2015-11-16  Updated: 2016-08-11  Resolved: 2016-05-31

Status: Closed
Project: MariaDB MaxScale
Component/s: readconnroute
Affects Version/s: 1.2.1
Fix Version/s: 2.0.0

Type: Bug Priority: Major
Reporter: markus makela Assignee: markus makela
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MXS-566 MEDIUMBLOB column update issues Closed
Relates
relates to MXS-300 LONGBLOB are currently not supported. Closed

 Description   

If hex data with a value of 0x11 is being routed through readconnroute, it is possible that some of it is misinterpreted as a COM_CHANGE_USER causing the query to fail.

Example with a file containing only 0x11 values:

[markusjm@localhost ~]$ mysql -u maxuser -pmaxpwd -h 192.168.0.201 -P 4008 test -e "insert into t1 values (\"0x`cat /tmp/data|head -c 90800`\")"
 
ERROR 1045 (28000) at line 1: Access denied for user '��������������������������������������������������������������������������������������������������������������������������������'@'192.168.0.201' (using password: YES)

This is due to the fact that readconnroute supports COM_CHANGE_USER and reads the command byte from each network packet.
Generated at Thu Feb 08 03:59:34 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.