Merge bk-internal.mysql.com:/home/bk/mysql-4.1

into mysql.com:/opt/local/work/mysql-4.1-16365 sql/mysql_priv.h: Auto merged sql/sql_class.h: Auto merged mysql-test/r/ps.result: Manual merge mysql-test/t/ps.test: Manual merge
2025-07-30 16:24:05 +03:00 · 2006-04-07 23:50:45 +04:00
parent e4e37ae5a1 5b5530daa5
commit f37d610147
9 changed files with 464 additions and 60 deletions
--- a/mysql-test/r/ps.result
+++ b/mysql-test/r/ps.result
@ -107,6 +107,9 @@ set @fvar= 123.4567;
 prepare stmt1 from @fvar;
 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '123.4567' at line 1
 drop table t1,t2;
+deallocate prepare stmt3;
+deallocate prepare stmt4;
+deallocate prepare stmt5;
 PREPARE stmt1 FROM "select _utf8 'A' collate utf8_bin = ?";
 set @var='A';
 EXECUTE stmt1 USING @var;
@ -252,6 +255,7 @@ set names latin1;
 execute `<60>`;
 1234
 1234
+deallocate prepare `<60>`;
 set names default;
 create table t1 (a varchar(10)) charset=utf8;
 insert into t1 (a) values ('yahoo');
@ -767,3 +771,107 @@ execute stmt using @a,@b;
 col1	col2
 deallocate prepare stmt;
 drop table t1;
+set @old_max_prepared_stmt_count= @@max_prepared_stmt_count;
+show variables like 'max_prepared_stmt_count';
+Variable_name	Value
+max_prepared_stmt_count	16382
+show variables like 'prepared_stmt_count';
+Variable_name	Value
+prepared_stmt_count	0
+select @@max_prepared_stmt_count, @@prepared_stmt_count;
+@@max_prepared_stmt_count	@@prepared_stmt_count
+16382	0
+set global max_prepared_stmt_count=-1;
+select @@max_prepared_stmt_count;
+@@max_prepared_stmt_count
+0
+set global max_prepared_stmt_count=10000000000000000;
+select @@max_prepared_stmt_count;
+@@max_prepared_stmt_count
+1048576
+set global max_prepared_stmt_count=default;
+select @@max_prepared_stmt_count;
+@@max_prepared_stmt_count
+16382
+set @@max_prepared_stmt_count=1;
+ERROR HY000: Variable 'max_prepared_stmt_count' is a GLOBAL variable and should be set with SET GLOBAL
+set max_prepared_stmt_count=1;
+ERROR HY000: Variable 'max_prepared_stmt_count' is a GLOBAL variable and should be set with SET GLOBAL
+set local max_prepared_stmt_count=1;
+ERROR HY000: Variable 'max_prepared_stmt_count' is a GLOBAL variable and should be set with SET GLOBAL
+set local prepared_stmt_count=0;
+ERROR HY000: Variable 'prepared_stmt_count' is a GLOBAL variable and should be set with SET GLOBAL
+set @@prepared_stmt_count=0;
+ERROR HY000: Variable 'prepared_stmt_count' is a GLOBAL variable and should be set with SET GLOBAL
+set global prepared_stmt_count=1;
+ERROR 42000: Incorrect argument type to variable 'prepared_stmt_count'
+set global max_prepared_stmt_count=1;
+select @@max_prepared_stmt_count;
+@@max_prepared_stmt_count
+1
+set global max_prepared_stmt_count=0;
+select @@max_prepared_stmt_count, @@prepared_stmt_count;
+@@max_prepared_stmt_count	@@prepared_stmt_count
+0	0
+prepare stmt from "select 1";
+ERROR HY000: Unknown error
+select @@prepared_stmt_count;
+@@prepared_stmt_count
+0
+set global max_prepared_stmt_count=1;
+prepare stmt from "select 1";
+select @@prepared_stmt_count;
+@@prepared_stmt_count
+1
+prepare stmt1 from "select 1";
+ERROR HY000: Unknown error
+select @@prepared_stmt_count;
+@@prepared_stmt_count
+1
+deallocate prepare stmt;
+select @@prepared_stmt_count;
+@@prepared_stmt_count
+0
+prepare stmt from "select 1";
+select @@prepared_stmt_count;
+@@prepared_stmt_count
+1
+prepare stmt from "select 2";
+select @@prepared_stmt_count;
+@@prepared_stmt_count
+1
+select @@prepared_stmt_count, @@max_prepared_stmt_count;
+@@prepared_stmt_count	@@max_prepared_stmt_count
+1	1
+set global max_prepared_stmt_count=0;
+prepare stmt from "select 1";
+ERROR HY000: Unknown error
+execute stmt;
+ERROR HY000: Unknown prepared statement handler (stmt) given to EXECUTE
+select @@prepared_stmt_count;
+@@prepared_stmt_count
+0
+prepare stmt from "select 1";
+ERROR HY000: Unknown error
+select @@prepared_stmt_count;
+@@prepared_stmt_count
+0
+set global max_prepared_stmt_count=3;
+select @@max_prepared_stmt_count, @@prepared_stmt_count;
+@@max_prepared_stmt_count	@@prepared_stmt_count
+3	0
+prepare stmt from "select 1";
+prepare stmt from "select 2";
+prepare stmt1 from "select 3";
+prepare stmt2 from "select 4";
+ERROR HY000: Unknown error
+prepare stmt2 from "select 4";
+ERROR HY000: Unknown error
+select @@max_prepared_stmt_count, @@prepared_stmt_count;
+@@max_prepared_stmt_count	@@prepared_stmt_count
+3	3
+deallocate prepare stmt;
+select @@max_prepared_stmt_count, @@prepared_stmt_count;
+@@max_prepared_stmt_count	@@prepared_stmt_count
+3	0
+set global max_prepared_stmt_count= @old_max_prepared_stmt_count;
--- a/mysql-test/t/ps.test
+++ b/mysql-test/t/ps.test
@ -111,6 +111,9 @@ set @fvar= 123.4567;
 prepare stmt1 from @fvar;

 drop table t1,t2;
+deallocate prepare stmt3;
+deallocate prepare stmt4;
+deallocate prepare stmt5;

 #
 # Bug #4105: Server crash on attempt to prepare a statement with character
@ -254,6 +257,7 @@ prepare `ü` from 'select 1234';
 execute `ü` ;
 set names latin1;
 execute `<60>`;
+deallocate prepare `<60>`;
 set names default;


@ -803,4 +807,123 @@ execute stmt using @a,@b;
 deallocate prepare stmt;
 drop table t1;

+#
+# Bug#16365 Prepared Statements: DoS with too many open statements
+# Check that the limit @@max_prpeared_stmt_count works.
+#
+# Save the old value
+set @old_max_prepared_stmt_count= @@max_prepared_stmt_count;
+#
+# Disable prepared statement protocol: in this test we set
+# @@max_prepared_stmt_count to 0 or 1 and would like to test the limit
+# manually.
+#
+--disable_ps_protocol
+#
+# A. Check that the new variables are present in SHOW VARIABLES list.
+#
+show variables like 'max_prepared_stmt_count';
+show variables like 'prepared_stmt_count';
+#
+# B. Check that the new variables are selectable.
+#
+select @@max_prepared_stmt_count, @@prepared_stmt_count;
+#
+# C. Check that max_prepared_stmt_count is settable (global only),
+#    whereas prepared_stmt_count is readonly.
+#
+set global max_prepared_stmt_count=-1;
+select @@max_prepared_stmt_count;
+set global max_prepared_stmt_count=10000000000000000;
+select @@max_prepared_stmt_count;
+set global max_prepared_stmt_count=default;
+select @@max_prepared_stmt_count;
+--error 1229 # ER_GLOBAL_VARIABLE
+set @@max_prepared_stmt_count=1;
+--error 1229 # ER_GLOBAL_VARIABLE
+set max_prepared_stmt_count=1;
+--error 1229 # ER_GLOBAL_VARIABLE
+set local max_prepared_stmt_count=1;
+--error 1229 # ER_GLOBAL_VARIABLE
+set local prepared_stmt_count=0;
+--error 1229 # ER_GLOBAL_VARIABLE
+set @@prepared_stmt_count=0;
+--error 1232 # ER_WRONG_TYPE_FOR_VAR
+set global prepared_stmt_count=1;
+# set to a reasonable limit works
+set global max_prepared_stmt_count=1;
+select @@max_prepared_stmt_count;
+#
+# D. Check that the variables actually work.
+#
+set global max_prepared_stmt_count=0;
+select @@max_prepared_stmt_count, @@prepared_stmt_count;
+--error 1105 # ER_UNKNOWN_ERROR
+prepare stmt from "select 1";
+select @@prepared_stmt_count;
+set global max_prepared_stmt_count=1;
+prepare stmt from "select 1";
+select @@prepared_stmt_count;
+--error 1105 # ER_UNKNOWN_ERROR
+prepare stmt1 from "select 1";
+select @@prepared_stmt_count;
+deallocate prepare stmt;
+select @@prepared_stmt_count;
+#
+# E. Check that we can prepare a statement with the same name 
+# successfully, without hitting the limit.
+#
+prepare stmt from "select 1";
+select @@prepared_stmt_count;
+prepare stmt from "select 2";
+select @@prepared_stmt_count;
+#
+# F. We can set the max below the current count. In this case no new 
+# statements should be allowed to prepare.
+#
+select @@prepared_stmt_count, @@max_prepared_stmt_count;
+set global max_prepared_stmt_count=0;
+--error 1105 # ER_UNKNOWN_ERROR
+prepare stmt from "select 1";
+# Result: the old statement is deallocated, the new is not created.
+--error 1243 # ER_UNKNOWN_STMT_HANDLER
+execute stmt;
+select @@prepared_stmt_count;
+--error 1105 # ER_UNKNOWN_ERROR
+prepare stmt from "select 1";
+select @@prepared_stmt_count;
+#
+# G. Show that the variables are up to date even after a connection with all
+# statements in it was terminated.
+#
+set global max_prepared_stmt_count=3;
+select @@max_prepared_stmt_count, @@prepared_stmt_count;
+prepare stmt from "select 1";
+connect (con1,localhost,root,,);
+connection con1;
+prepare stmt from "select 2";
+prepare stmt1 from "select 3";
+--error 1105 # ER_UNKNOWN_ERROR
+prepare stmt2 from "select 4";
+connection default;
+--error 1105 # ER_UNKNOWN_ERROR 
+prepare stmt2 from "select 4";
+select @@max_prepared_stmt_count, @@prepared_stmt_count;
+disconnect con1;
+connection default;
+# Wait for the connection to die: deal with a possible race
+deallocate prepare stmt;
+let $count= `select @@prepared_stmt_count`;
+if ($count)
+{
+--sleep 2
+  let $count= `select @@prepared_stmt_count`;
+}
+select @@max_prepared_stmt_count, @@prepared_stmt_count;
+#
+# Restore the old value.
+#
+set global max_prepared_stmt_count= @old_max_prepared_stmt_count;
+--enable_ps_protocol
+
 # End of 4.1 tests