1. 08 Sep, 2017 1 commit
    • Bug#26372491 - RCE THROUGH THE MISHANDLE OF BACKSLASH · 43632f4c
      Anushree Prakash B authored
      DESCRIPTION:
      ===========
      The bug is related to incorrect parsing of SQL queries
      when typed in on the CLI. The incorrect parsing can
      result in unexpected results.
      
      ANALYSIS:
      ========
      The scenario mainly happens for identifier names
      with a typical combination of backslashes and backticks.
      The incorrect parsing can either result in executing
      additional queries or can result in query truncation.
      This can impact mysqldump as well.
      
      FIX:
      ===
      The fix makes sure that such identifier names are
      correctly parsed and a proper query is sent to the
      server for execution.
  2. 07 Sep, 2017 1 commit
  3. 06 Sep, 2017 2 commits
  4. 31 Aug, 2017 1 commit
  5. 29 Aug, 2017 1 commit
  6. 24 Aug, 2017 2 commits
    • Bug#26361149 MYSQL SERVER CRASHES AT: COL IN(IFNULL(CONST, COL), NAME_CONST('NAME', NULL)) · f7316aa0
      Ajo Robert authored
      
      Backport of Bug#19143243 fix.
      
      NAME_CONST item can return NULL_ITEM type in case of incorrect arguments.
      NULL_ITEM has special processing in Item_func_in function.
      In Item_func_in::fix_length_and_dec an array of possible comparators is
      created. Since NAME_CONST function has NULL_ITEM type, corresponding
      array element is empty. Then NAME_CONST is wrapped to ITEM_CACHE.
      ITEM_CACHE cannot return the proper type (NULL_ITEM) in Item_func_in::val_int(),
      so an attempt is made to compare the NULL_ITEM with an empty comparator.
      The fix is to disable the caching of Item_name_const item.
    • Bug#26482173: TLS CIPHER NEGOTIATION INCORRECTLY MATCHES ON LAST BYTE ONLY (YASSL) · f2f6025a
      Arun Kuruvila authored

      Description:- TLS cipher negotiation happens incorrectly
      leading to the use of a different
      
      Analysis:- YaSSL based MySQL server will compare only the
      last byte of each cipher sent in the Client Hello message.
      This can cause TLS connections to fail, due to the server
      picking a cipher which the client doesn't actually support.
      
      Fix:- A fix for detecting cipher suites with non leading
      zeros is included as YaSSL only supports cipher suites with
      leading zeros.
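The failure mode described in the commit above, as an added illustration that is not yaSSL or MySQL code: a server that matches only the low byte of each offered cipher-suite ID can "select" a suite the client never offered. The suite IDs used are the real IANA values for those three names; the ClientHello bytes and the server's supported list are constructed for the demo.

```python
# Added example (not MySQL/yaSSL code): a TLS cipher-suite match must compare
# both bytes of each suite ID. Demonstrates the bug class in Bug#26482173.

# Constructed server-side supported list, keyed by the full 2-byte suite ID.
# Both IDs have a zero leading byte, as the commit says yaSSL requires.
SERVER_SUITES = {
    b"\x00\x2f": "TLS_RSA_WITH_AES_128_CBC_SHA",
    b"\x00\x35": "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def parse_client_hello_suites(body: bytes) -> list:
    """Parse a ClientHello cipher_suites vector: 2-byte length, then 2-byte IDs."""
    if len(body) < 2:
        raise ValueError("truncated cipher_suites vector")
    length = int.from_bytes(body[:2], "big")
    if length % 2 or len(body) < 2 + length:
        raise ValueError("bad cipher_suites length")
    return [body[2 + i:4 + i] for i in range(0, length, 2)]

def choose_suite_last_byte_only(offered):
    """Buggy selection: compares only the second byte of each suite ID."""
    for suite in offered:
        for supported in SERVER_SUITES:
            if suite[1] == supported[1]:
                return supported
    return None

def choose_suite_full(offered):
    """Correct selection: the whole 2-byte ID must match a supported suite."""
    for suite in offered:
        if suite in SERVER_SUITES:
            return suite
    return None

# Constructed ClientHello cipher_suites: the client offers only 0xC02F
# (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), whose low byte collides with 0x002F.
CLIENT_SUITES = b"\x00\x02" + b"\xc0\x2f"

def demo():
    """Returns (buggy choice, correct choice) for the constructed ClientHello."""
    offered = parse_client_hello_suites(CLIENT_SUITES)
    return choose_suite_last_byte_only(offered), choose_suite_full(offered)

if __name__ == "__main__":
    buggy, fixed = demo()
    print("last-byte match picks:", buggy, "-> handshake fails, client lacks it")
    print("full-ID match picks:", fixed, "-> correct: no suite in common")
```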
  7. 23 Aug, 2017 3 commits
    • Bug#26390632: CREATE TABLE CAN CAUSE MYSQL TO EXIT. · be901b60
      Nisha Gopalakrishnan authored
      Analysis
      ========
      CREATE TABLE of InnoDB table with a partition name
      which exceeds the path limit can cause the server
      to exit.
      
      During the preparation of the partition name,
      there was no check to identify whether the complete
      path name for partition exceeds the max supported
      path length, causing the server to exit during
      subsequent processing.
      
      Fix
      ===
      During the preparation of partition name, check and report
      an error if the partition path name exceeds the maximum path
      name limit.
      
      This is a 5.5 patch.
    • Bug#19875294 ASSERTION `SRC' FAILED IN MY_STRNXFRM_UNICODE (SIG 6 -STRINGS/CTYPE-UTF8.C:5151) · ebd96c31
      Tor Didriksen authored
      Backport from 5.7 to 5.5 Field_set::val_str()
      should return String("", 0, cs) rather than String(NULL, 0, cs)
    • Bug#24763131 LOCAL-INFILE DEFAULT SHOULD BE DISABLED · d75f8a17
      Venkatesh Duggirala authored
      Problem & Analysis: Slave's Receiver thread, Applier thread and worker
          threads are created with the LOCAL-INFILE option enabled. As the document
          https://dev.mysql.com/doc/refman/5.7/en/load-data-local.html says,
          there are some issues if a thread enables local infile.
          This flag should be enabled with care. But for the above mentioned
          internal threads, the server is enabling it at the time of creation.

      Fix: Further analysis of the code shows that none of the threads really
          need this flag to be enabled at any time, as the Slave never executes
          "LOAD DATA LOCAL INFILE" after reading it from the Relay log.
          The Applier thread removes "LOCAL" before starting to execute the query.
  8. 25 Jul, 2017 1 commit
    • Bug#26161247: MTR: --NOREORDER IS SEARCHING FOR TEST SCRIPT ONLY IN MAIN SUITE · 6a6d5bc9
      Deepa Dixit authored
      Issue:
      ------
      Running MTR with the --no-reorder option by specifying test cases on the
      command line, without prefixing the suite name results in an error saying the
      test case was not found in the main suite. This is because MTR looks for the
      test case only in the main suite, and no other suites.
      
      Fix:
      ----
      The fix involves searching for the test in every suite if only the test name
      is specified. This back-ports two bug fixes: Bug#24967869 and Bug#24365783
      Reviewed-by: Pavan Naik <pavan.naik@oracle.com>
      RB: 16812
  9. 17 Jul, 2017 1 commit
  10. 07 Jul, 2017 1 commit
  11. 05 Jun, 2017 2 commits
  12. 02 Jun, 2017 3 commits
  13. 01 Jun, 2017 1 commit
  14. 29 May, 2017 1 commit
  15. 25 May, 2017 1 commit
    • Bug#18950197 RPL_SEMI_SYNC_UNINSTALL_PLUGIN FAILS BECAUSE RPL_SEMI_SYNC_MASTER_CLIENTS=1 · bb9e547a
      Venkatesh Duggirala authored
      
      Analysis: Uninstalling rpl_semi_sync_slave on the slave
                will trigger removing the slave logic on the Master, which
                will reduce Rpl_semi_sync_master_clients by one.
                But it happens asynchronously on the Master. Having an assert
                to check this value against zero will have problems on
                slow pb2 machines.
      
      Fix: Change assert into wait_for_status_var condition.
  16. 24 May, 2017 2 commits
    • Bug #25658832 VALIDATION CHECK FOR MSVC REDIST NEEDED IN SERVER COMMUNITY MSI · fedfba21
      Piotr Obrzut authored
      Added matching redist prerequisite check to the server msi installer.
    • Bug #24595639: INCORRECT BEHAVIOR IN QUERY WITH UNION AND GROUP BY · c34f2e51
      Sreeharsha Ramanavarapu authored
      
      Issue 1:
      --------
      This problem occurs in the following conditions:
      1) A UNION is present in the subquery of select list and
         handles multiple columns.
      2) Query has a GROUP BY.
      
      A temporary table is created to handle the UNION.
      Item_field objects are based on the expressions of the
      result of the UNION (ie. the fake_select_lex). While
      checking validity of the columns in the GROUP BY list, the
      columns of the temporary table are checked in
      Item_ident::local_column. But the Item_field objects
      created for the temporary table don't have information like
      the Name_resolution_context that they belong to or whether
      they are dependent on an outer query. Since these members
      are null, incorrect behavior is caused.
      
      This can happen when such Item objects are cached to apply
      the IN-to-EXISTS transform for Item_row.
      
      Solution to Issue 1:
      --------------------
      Context information of the first select in the UNION will
      be assigned to the new Item_field objects.
      
      
      Issue 2:
      --------
      This problem occurs in the following conditions:
      1) A UNION is present in the subquery of select list.
      2) A column in the UNION's first SELECT refers to a table
         in the outer-query making it a dependent union.
      3) GROUP BY column refers to the outer-referencing column.
      
      While resolving the select list with an outer-reference, an
      Item_outer_ref object is created to handle the
      outer-query's GROUP BY list. The Item_outer_ref object
      replaces the Item_field object in the item tree.
      Item_outer_ref::fix_fields will be called only while fixing
      the inner references of the outer query.
      
      Before resolving the outer-query, an Item_type_holder
      object needs to be created to handle the UNION. But as
      explained above, the Item_outer_ref object has not been
      fixed yet. Having a fixed Item object is a pre-condition
      for creating an Item_type_holder.
      
      Solution to Issue 2:
      --------------------
      Use the reference (real_item()) of an Item_outer_ref object
      instead of the object itself while creating an
      Item_type_holder.
  17. 23 May, 2017 3 commits
  18. 22 May, 2017 1 commit
    • Bug# 25998635: Client does not escape the USE statement · 20addb05
      Ivo Roylev authored
      When there are quotes in the USE statement, the mysql client does
      not correctly escape them.
      
      The USE statement is processed line by line by the client's parser,
      and cannot handle multi-line commands as the server does.
      
      The fix is to escape the USE parameters whenever quotes are used.
  19. 16 May, 2017 2 commits
    • Bug#16212207 - LOAD XML INFILE PERFORMANCE WITH INDENTED XML · 3b562dcf
      Shishir Jaiswal authored
      
      DESCRIPTION
      ===========
      LOAD XML INFILE performance becomes painfully slow if the
      tags' values have any space(s) in between them. They're
      usually kept intentionally for indentation purposes.
      
      ANALYSIS
      ========
      The extra spaces cause clear_level() to be called many times,
      which has the overhead of clearing the taglist etc. This can
      be avoided altogether by skipping all such spaces.
      
      FIX
      ===
      Trim all the leading whitespace from the value before
      passing it to read_value().
    • Bug #25436469: BUILDS ARE NOT REPRODUCIBLE · f4ce18b0
      Tor Didriksen authored
      Backport to 5.5
      
      Current MySQL builds, even on Pushbuild, are not reproducible; they return
      different results depending on which directory they are built from (and
      Pushbuild uses several different directories). This is because absolute paths
      leak into debug information, and even worse, __FILE__. The latter moves code
      around enough that we've actually seen sysbench changes on the order of 4% in
      some tests.
      
      CMake seemingly insists on using absolute paths, but we can insert our own
      layer between CMake and GCC to relativize all paths. Also give the right flags
      to get debug information reproducible and turn off build stamping. This makes
      the mysqld build 100% bit-for-bit reproducible between runs on my machine,
      even when run from different directories.
  20. 13 May, 2017 1 commit
  21. 12 May, 2017 1 commit
    • BUG#25451091: CREATE TABLE DATA DIRECTORY / INDEX DIRECTORY SYMLINK CHECK RACE CONDITIONS · b615c3df
      Nisha Gopalakrishnan authored
      
      ANALYSIS:
      =========
      A potential defect exists in the handling of CREATE
      TABLE .. DATA DIRECTORY / INDEX DIRECTORY which gives way to
      the user to gain access to another user's table or a system
      table.
      
      FIX:
      ====
      The lstat and fstat output of the target files is now
      stored, which helps in determining the identity of the target
      files, thus preventing unauthorized access to other
      files.
  22. 04 May, 2017 1 commit
  23. 03 May, 2017 1 commit
    • Bug#25340722 - PRINT BINARY DATA AS HEX IN THE MYSQL CLIENT (CONTRIBUTION) · 756b00d8
      Anushree Prakash B authored
      
      DESCRIPTION:
      ============
      Binary data should be printed as hex in the mysql client
      when the option binary-as-hex is enabled.
      
      ANALYSIS:
      =========
      The fix deals only with the mysql command line client.
      It does not change, at all, the data sent to the
      applications. Printing binary data as hex also
      allows the output to be used in the WHERE clause
      of a query.
      
      FIX:
      ====
      A new option 'binary-as-hex' is introduced to print the
      binary contents as hex in the mysql client. The option
      is disabled by default. When the option is enabled, we
      convert the binary data to hex before printing the
      contents irrespective of whether it is in tabular,
      xml or html format.
  24. 02 May, 2017 1 commit
  25. 27 Apr, 2017 4 commits
  26. 25 Apr, 2017 1 commit