From 37e72ea3f98cb83b2ea832166c14905de643e620 Mon Sep 17 00:00:00 2001
From: Rene Cannao <rene@proxysql.com>
Date: Sat, 14 Feb 2026 19:52:17 +0000
Subject: [PATCH] Fix PROXY protocol detection in
 MySQL_Data_Stream::read_from_net

When pkts_recv==0, the code reads 4 bytes expecting a MySQL packet header,
but PROXY protocol starts with 'PROXY ' which gets misinterpreted as a
MySQL header with a huge packet length (0x504f5250 = ~1.3GB).

Add check for 'PROX' prefix before parsing as MySQL header. This prevents
passing an incorrect length parameter to recv() that exceeds the buffer size.

Fixes #5376
---
 lib/mysql_data_stream.cpp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/mysql_data_stream.cpp b/lib/mysql_data_stream.cpp
index ebb520dd6..3d2721a89 100644
--- a/lib/mysql_data_stream.cpp
+++ b/lib/mysql_data_stream.cpp
@@ -589,10 +589,18 @@ int MySQL_Data_Stream::read_from_net() {
 				// to avoid issue with SSL, we will only read the header and eventually the first packet
 				r = recv(fd, queue_w_ptr(queueIN), 4, 0);
 				if (r == 4) {
-					// let's try to read a whole packet
-					mysql_hdr Hdr;
-					memcpy(&Hdr,queueIN.buffer,sizeof(mysql_hdr));
-					r += recv(fd, queue_w_ptr(queueIN)+4, Hdr.pkt_length, 0);
+					// Check for PROXY protocol before treating as MySQL header
+					// PROXY protocol starts with "PROXY " (6 bytes), but we only have 4 bytes here
+					// If first 4 bytes are "PROX", don't interpret as MySQL header
+					if (strncmp((char *)queueIN.buffer, "PROX", 4) == 0) {
+						// PROXY protocol detected - read more data without MySQL header parsing
+						r += recv(fd, queue_w_ptr(queueIN)+4, s-4, 0);
+					} else {
+						// let's try to read a whole packet
+						mysql_hdr Hdr;
+						memcpy(&Hdr,queueIN.buffer,sizeof(mysql_hdr));
+						r += recv(fd, queue_w_ptr(queueIN)+4, Hdr.pkt_length, 0);
+					}
 				}
 			} else {
 				r = recv(fd, queue_w_ptr(queueIN), s, 0);