Bug#50974: Server keeps receiving big (> max_allowed_packet) packets indefinitely.

The server could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This problem is aggravated by the fact that it can be triggered before authentication. The solution is to no skip big packets for non-authenticated sessions. If a big packet is sent before a session is authen- ticated, a error is returned and the connection is closed. include/mysql_com.h: Add skip flag. Only used in server builds. sql/net_serv.cc: Control whether big packets can be skipped.
2025-12-24 11:21:21 +03:00 · 2010-04-29 10:28:16 -03:00
parent 0d5dbb166b
commit 54705ab176
3 changed files with 21 additions and 0 deletions
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -493,6 +493,13 @@ int check_user(THD *thd, enum enum_server_command command,
      }
      send_ok(thd);
      thd->password= test(passwd_len);          // remember for error messages 
+      /*
+        Allow the network layer to skip big packets. Although a malicious
+        authenticated session might use this to trick the server to read
+        big packets indefinitely, this is a previously established behavior
+        that needs to be preserved as to not break backwards compatibility.
+      */
+      thd->net.skip_big_packet= TRUE;
      /* Ready to handle queries */
      DBUG_RETURN(0);
    }