Commit 173eb806 authored by unknown's avatar unknown

bug #29801 Federated engine crashes local server

               if remote server sends malicious response.

We need to check if the SHOW TABLE STATUS query we issue inside the
FEDERATED engine returned the result with the proper (or just sufficient)
number of rows. Otherwise statements like row[12] can crash the server.


sql/ha_federated.cc:
  bug #29801 Federated engine crashes local server
                 if remote server sends malicious response.
  
  Return with the error if the remote server return fewer rows than we need.
parent b802af43
...@@ -2528,7 +2528,12 @@ int ha_federated::info(uint flag) ...@@ -2528,7 +2528,12 @@ int ha_federated::info(uint flag)
status_query_string.length(0); status_query_string.length(0);
result= mysql_store_result(mysql); result= mysql_store_result(mysql);
if (!result)
/*
We're going to use fields num. 4, 12 and 13 of the resultset,
so make sure we have these fields.
*/
if (!result || (mysql_num_fields(result) < 14))
goto error; goto error;
if (!mysql_num_rows(result)) if (!mysql_num_rows(result))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment