From eed53d7405a18b486f07bc68c95a8dcc1e5a61ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?=
Date: Sun, 18 Mar 2018 14:41:29 +0100
Subject: [PATCH] Try to understand if an uncompressed packet is wrongly marked as compressed #1410
---
 lib/mysql_data_stream.cpp | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)
diff --git a/lib/mysql_data_stream.cpp b/lib/mysql_data_stream.cpp
index 761313be2..dcee2b060 100644
--- a/lib/mysql_data_stream.cpp
+++ b/lib/mysql_data_stream.cpp
@@ -820,9 +820,36 @@ int MySQL_Data_Stream::buffer2array() {
 if (payload_length) {
 // the payload is compressed
 destLen=payload_length;
- dest=(Bytef *)l_alloc(destLen);
+ //dest=(Bytef *)l_alloc(destLen);
+ dest=(Bytef *)malloc(destLen);
 int rc=uncompress(dest, &destLen, _ptr, queueIN.pkt.size-7);
- assert(rc==Z_OK);
+ if (rc!=Z_OK) {
+ // for some reason, uncompress failed
+ // accoding to debugging on #1410 , it seems some library may send uncompress data claiming it is compressed
+ // we try to assume it is not compressed, and we do some sanity check
+ memcpy(dest, _ptr, queueIN.pkt.size-7);
+ datalength=queueIN.pkt.size-7;
+ // some sanity check now
+ unsigned char _u;
+ bool sanity_check = false;
+ _u = *(u+9);
+ // 2nd and 3rd bytes are 0
+ if (_u == 0) {
+ _u = *(u+8);
+ if (_u == 0) {
+ _u = *(u+7);
+ // 1st byte = size - 7
+ unsigned int _size = _u ;
+ if (queueIN.pkt.size-7 == _size) {
+ sanity_check = true;
+ }
+ }
+ }
+ if (sanity_check == false) {
+ shut_soft();
+ return ret;
+ }
+ }
 datalength=payload_length;
 // change _ptr to the new buffer
 _ptr=dest;
@@ -867,7 +894,8 @@ int MySQL_Data_Stream::buffer2array() {
 }
 }
 if (payload_length) {
- l_free(destLen,dest);
+ //l_free(destLen,dest);
+ free(dest);
 }
 l_free(queueIN.pkt.size,queueIN.pkt.ptr);
 pkts_recv++;
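Review bot: In the `rc!=Z_OK` fallback, `memcpy(dest, _ptr, queueIN.pkt.size-7)` runs before any validation and writes into `dest`, which was allocated with `payload_length` bytes (presumably the length declared by the peer), so a body longer than that declared length overruns the heap buffer. The sanity check that follows never compares the two lengths, and the `datalength=queueIN.pkt.size-7` set in the fallback is overwritten by the unconditional `datalength=payload_length;` right after the block, which looks unintended and would let later parsing read bytes of `dest` that were never written. The `return ret;` path also leaves `dest` allocated, since the matching `free(dest)` only exists in the later hunk; whether `queueIN.pkt.ptr` must be released there too depends on code outside this hunk. The sketch below validates the length first, copies afterwards and frees on rejection; `buffer2array()` starts and ends outside the hunk.

```cpp
int rc=uncompress(dest, &destLen, _ptr, queueIN.pkt.size-7);
datalength=payload_length;	// moved above the fallback so it no longer overwrites the value set there
if (rc!=Z_OK) {
	// … unchanged: comments referencing #1410 …
	bool sanity_check = false;
	// dest holds only payload_length bytes: refuse a body that would not fit
	if (queueIN.pkt.size-7 <= payload_length) {
		// … unchanged: checks on *(u+9), *(u+8), *(u+7) that set sanity_check …
	}
	if (sanity_check == false) {
		free(dest);	// release the buffer allocated above before bailing out
		shut_soft();
		return ret;
	}
	// copy only once the length has been validated
	memcpy(dest, _ptr, queueIN.pkt.size-7);
	datalength=queueIN.pkt.size-7;
}
```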
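Review bot: The switch from `l_free(destLen,dest)` to `free(dest)` is left unexplained, and the old call is kept as commented-out code here, as is the `l_alloc` line in the first hunk. Since the two allocators must stay paired, I would drop the dead lines and state the pairing instead, e.g. `// dest is allocated with malloc() in the compressed-payload branch above, so release it with free(), not l_free()`. The enclosing function continues outside this hunk.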