From 5d3b571e4cca5e968805302a8f2097970178bbd5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?=
Date: Sun, 16 Dec 2018 20:22:21 +1100
Subject: [PATCH 1/3] Prevent a buffer overflow in SELECT @@version
---
 lib/ProxySQL_Admin.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp
index b353cb344..1a6495882 100644
--- a/lib/ProxySQL_Admin.cpp
+++ b/lib/ProxySQL_Admin.cpp
@@ -2881,7 +2881,7 @@ void admin_session_handler(MySQL_Session *sess, void *_pa, PtrSize_t *pkt) {
 if (!strncasecmp("SHOW GLOBAL VARIABLES LIKE 'version'", query_no_space, strlen("SHOW GLOBAL VARIABLES LIKE 'version'"))) {
 l_free(query_length,query);
 char *q=(char *)"SELECT 'version' Variable_name, '%s' Value FROM global_variables WHERE Variable_name='admin-version'";
- query_length=strlen(q)+20;
+ query_length=strlen(q)+20+strlen(PROXYSQL_VERSION);
 query=(char *)l_alloc(query_length);
 sprintf(query,q,PROXYSQL_VERSION);
 goto __run_query;
From 96f179f943954f3e04e1f1d65ba9ecbb3d0bd320 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?=
Date: Sun, 16 Dec 2018 20:39:34 +1100
Subject: [PATCH 2/3] Prevent a buffer overflow in SELECT @@version
---
 lib/ProxySQL_Admin.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp
index 1a6495882..dcc8b5528 100644
--- a/lib/ProxySQL_Admin.cpp
+++ b/lib/ProxySQL_Admin.cpp
@@ -2657,7 +2657,7 @@ void admin_session_handler(MySQL_Session *sess, void *_pa, PtrSize_t *pkt) {
 if (!strncasecmp("SELECT @@version", query_no_space, strlen("SELECT @@version"))) {
 l_free(query_length,query);
 char *q=(char *)"SELECT '%s' AS '@@version'";
- query_length=strlen(q)+20;
+ query_length=strlen(q)+20+strlen(PROXYSQL_VERSION);
 query=(char *)l_alloc(query_length);
 sprintf(query,q,PROXYSQL_VERSION);
 goto __run_query;
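Review bot: The write on the `sprintf(query,q,PROXYSQL_VERSION);` context line is still unbounded, so although the added `strlen(PROXYSQL_VERSION)` makes the buffer large enough today, the size calculation and the write can drift apart again the next time the format string changes. Pass the computed size to the formatter so a mismatch truncates instead of overrunning the heap buffer: `snprintf(query, query_length, q, PROXYSQL_VERSION);`. The `+20` slack is now unexplained, since `strlen(q)` already accounts for the `%s` and the terminator; either drop it or add a comment saying what it is for. The same applies to the `SELECT @@version` and `SELECT version()` hunks of patch 2/3. admin_session_handler's body continues outside the hunk.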
@@ -2666,7 +2666,7 @@ void admin_session_handler(MySQL_Session *sess, void *_pa, PtrSize_t *pkt) { if (!strncasecmp("SELECT version()", query_no_space, strlen("SELECT version()"))) { l_free(query_length,query); char *q=(char *)"SELECT '%s' AS 'version()'"; - query_length=strlen(q)+20; + query_length=strlen(q)+20+strlen(PROXYSQL_VERSION); query=(char *)l_alloc(query_length); sprintf(query,q,PROXYSQL_VERSION); goto __run_query; From 883d66a71f97dc3c23389ee044f3101dd87f1af5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?= Date: Sun, 16 Dec 2018 12:01:57 +0100 Subject: [PATCH 3/3] Inlining some functions related to connection pool --- include/MySQL_HostGroups_Manager.h | 6 +++--- lib/MySQL_HostGroups_Manager.cpp | 10 ++++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/include/MySQL_HostGroups_Manager.h b/include/MySQL_HostGroups_Manager.h index b0be597ab..34f3639b0 100644 --- a/include/MySQL_HostGroups_Manager.h +++ b/include/MySQL_HostGroups_Manager.h @@ -305,7 +305,7 @@ class MySrvConnList { } MySQL_Connection *remove(int); MySQL_Connection * get_random_MyConn(MySQL_Session *sess, bool ff); - unsigned int conns_length(); + unsigned int conns_length() { return conns->len; } void drop_all_connections(); MySQL_Connection *index(unsigned int); }; @@ -364,12 +364,12 @@ class MySrvList { // MySQL Server List int find_idx(MySrvC *); public: PtrArray *servers; - unsigned int cnt(); + unsigned int cnt() { return servers->len; } MySrvList(MyHGC *); ~MySrvList(); void add(MySrvC *); void remove(MySrvC *); - MySrvC * idx(unsigned int); + MySrvC * idx(unsigned int i) {return (MySrvC *)servers->index(i); } }; class MyHGC { // MySQL Host Group Container diff --git a/lib/MySQL_HostGroups_Manager.cpp b/lib/MySQL_HostGroups_Manager.cpp index 708201698..51085949a 100644 --- a/lib/MySQL_HostGroups_Manager.cpp +++ b/lib/MySQL_HostGroups_Manager.cpp 
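Review bot: The accessors moved into the class bodies in MySQL_HostGroups_Manager.h (`conns_length()`, `cnt()`, `idx()`) only read state but are not declared `const`, so they cannot be called through a const `MySrvConnList` or `MySrvList`. Consider `unsigned int conns_length() const { return conns->len; }` and `unsigned int cnt() const { return servers->len; }`, and the same for `idx()` provided `PtrArray::index` allows it (its declaration is not visible in this diff). Since `idx()` is now visible to every includer, a one-line comment stating that it performs no range check of its own and relies on `PtrArray::index` would help callers that pass an externally derived index.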
@@ -638,9 +638,11 @@ MySQL_Connection * MySrvConnList::remove(int _k) { return (MySQL_Connection *)conns->remove_index_fast(_k); } +/* unsigned int MySrvConnList::conns_length() { return conns->len; } +*/ MySrvConnList::MySrvConnList(MySrvC *_mysrvc) { mysrvc=_mysrvc; @@ -2211,11 +2213,11 @@ MySrvC *MyHGC::get_random_MySrvC(char * gtid_uuid, uint64_t gtid_trxid) { return NULL; // if we reach here, we couldn't find any target } -unsigned int MySrvList::cnt() { - return servers->len; -} +//unsigned int MySrvList::cnt() { +// return servers->len; +//} -MySrvC * MySrvList::idx(unsigned int i) { return (MySrvC *)servers->index(i); } +//MySrvC * MySrvList::idx(unsigned int i) { return (MySrvC *)servers->index(i); } MySQL_Connection * MySrvConnList::get_random_MyConn(MySQL_Session *sess, bool ff) { MySQL_Connection * conn=NULL;
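Review bot: The out-of-line definitions are commented out rather than removed: `MySrvConnList::conns_length()` is wrapped in `/* … */` in this hunk, and `MySrvList::cnt()` and `MySrvList::idx()` are prefixed with `//` in the `-2211,11` hunk. The header now holds the definitions, so the dead copies can simply be deleted; version control keeps the old code, and commented-out bodies tend to drift from the inline versions. If they have to stay for now, use one comment style for all three and add a pointer such as `// defined inline in MySQL_HostGroups_Manager.h`.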