Bug#30139031: GET_PACKET_LENGTH() SHOULD RETURN ULONG

G Manasa · G Manasa · commit d99dccee9ccb · 2020-04-22T21:55:00.000+05:30
Description: There is an integer loss of precision in
a function during connection leading to a diverted
control flow.

Analysis: A function which is supposed to return ulong
returned unit which leads to loss of integer precision.
This lead to a diverted control flow.

Fix: Change the return value of the function to ulong
instead of uint.

RB#24097
diff --git a/sql/auth/sql_authentication.cc b/sql/auth/sql_authentication.cc
@@ -1889,7 +1889,7 @@ static int server_mpvio_read_packet(MYSQL_PLUGIN_VIO *param, uchar **buf)
     protocol->read_packet();
     pkt_len= protocol->get_packet_length();
   }
-
+  DBUG_EXECUTE_IF("simulate_packet_error", pkt_len = packet_error;);
   if (pkt_len == packet_error)
     goto err;
 
@@ -2197,7 +2197,7 @@ acl_authenticate(THD *thd, enum_server_command command)
   /* acl_authenticate() takes the data from net->read_pos */
   thd->get_protocol_classic()->get_net()->read_pos=
     thd->get_protocol_classic()->get_raw_packet();
-  DBUG_PRINT("info", ("com_change_user_pkt_len=%u",
+  DBUG_PRINT("info", ("com_change_user_pkt_len=%lu",
     mpvio.protocol->get_packet_length()));
 
   if (command == COM_CHANGE_USER)
diff --git a/sql/protocol_classic.h b/sql/protocol_classic.h
@@ -1,7 +1,7 @@
 #ifndef PROTOCOL_CLASSIC_INCLUDED
 #define PROTOCOL_CLASSIC_INCLUDED
 
-/* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -202,7 +202,7 @@ class Protocol_classic : public Protocol
   /* Return packet string */
   String *get_packet();
   /* return packet length */
-  uint get_packet_length() { return packet_length; }
+  ulong get_packet_length() { return packet_length; }
   /* Return raw packet buffer */
   uchar *get_raw_packet() { return raw_packet; }
   /* Set read timeout */
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -1017,7 +1017,7 @@ bool do_command(THD *thd)
                      command_name[command].str));
 
   DBUG_PRINT("info", ("packet: '%*.s'; command: %d",
-             thd->get_protocol_classic()->get_packet_length(),
+             (int)thd->get_protocol_classic()->get_packet_length(),
              thd->get_protocol_classic()->get_raw_packet(), command));
   if (thd->get_protocol_classic()->bad_packet)
     DBUG_ASSERT(0);                // Should be caught earlier
