database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

5.2 merge

Browse Source
This commit is contained in:
Sergei Golubchik
2013-01-25 10:20:45 +01:00
parent 746152959a 9142c50b07
commit de10e21411
12 changed files with 264 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
sql/sql_parse.cc
View File

@ -1138,6 +1138,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
uint save_db_length= thd->db_length;
char *save_db= thd->db;
int rc;
USER_CONN *save_user_connect= thd->user_connect;
Security_context save_security_ctx= *thd->security_ctx;
CHARSET_INFO *save_character_set_client=
@ -1151,7 +1152,19 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
thd->security_ctx->user= 0;
thd->user_connect= 0;
if (acl_authenticate(thd, 0, packet_length))
/*
to limit COM_CHANGE_USER ability to brute-force passwords,
we only allow three unsuccessful COM_CHANGE_USER per connection.
*/
if (thd->failed_com_change_user >= 3)
{
my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
rc= 1;
}
else
rc= acl_authenticate(thd, 0, packet_length);
if (rc)
{
/* Free user if allocated by acl_authenticate */
x_free(thd->security_ctx->user);
@ -1164,6 +1177,8 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
thd->variables.collation_connection= save_collation_connection;
thd->variables.character_set_results= save_character_set_results;
thd->update_charset();
thd->failed_com_change_user++;
my_sleep(1000000);
}
else
{