This fixes issues causing buffer over-read that leak heap content:
- RESP packet field default left over for COM_LIST
- RESP packet upsert filename
- OK packet message
- RESP packet for stmt row data
- ps_fetch_from_1_to_8_bytes
- ps_fetch_float
- ps_fetch_double
- ps_fetch_time
- ps_fetch_date
- ps_fetch_datetime
- ps_fetch_string
- ps_fetch_bit
- RESP packet for query row data (just possible overflow on 32bit)
It also adds various protocol tests using a new fake server.
Since the mysqlnd result set is arena allocated, we must not simply
free it, but rather call the appropriate `free_result` method.
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
This partially backports that PR to stable branches as it has been in master
without reported problems so far.
It's only a partial backport because the stable branches don't have the
ZTS persistent resource fix that would fix shutdown crashes, i.e. the
code change in mysqlnd_vio's close_stream is not backported.
This is fully fixed on master.
Closes GH-14324.
Closes GH-10599.
The x86-32 build uses a fast path, but when I disabled the fast path I
got the following compile error with -Werror:
mysqlnd_portability.h:221:95: error: right shift count >= width of type [-Werror=shift-count-overflow]
For 32-bit platforms that don't have the fast path, this can cause
undefined behaviour at runtime. Some CPUs just mask the shift amount
so in those cases you even get wrong results.
This is not always found during the build because -Werror is off by
default.
The character set ID included in the handshake data at the time of connection
actually only includes the lower 8 bits of the ID, so if try to use this to specify
a character set, the corresponding character set may not exist.
In case of an invalid character set, the default character set is now used
without an error.
Fixes#13452Closes#13470
The character set ID included in the handshake data at the time of connection
actually only includes the lower 8 bits of the ID, so if try to use this to specify
a character set, the corresponding character set may not exist.
In case of an invalid character set, the default character set is now used
without an error.
Fixes#13452Closes#13470
* PHP-8.2:
Fix GH-11997: ctype_alnum 5 times slower in PHP 8.1 or greater
Fix GH-12297: PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line
* PHP-8.1:
Fix GH-11997: ctype_alnum 5 times slower in PHP 8.1 or greater
Fix GH-12297: PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line
On some configurations, the COMPILE_DL_MYSQLND must come from config.h.
If it isn't set, the get_module function won't be exposed, resulting in
a failure when trying to load the library.
It's the same issue ext/fileinfo had a while back that was fixed in
b0ba368d5.
Closes GH-12299.
This syncs the style of the --enable-mysqlnd-compression-support option
name, otherwise in Autoconf both --enable-foo_bar and --enable-foo-bar
work.
Also the configure output message is synced to match the check
information.
* PHP-8.2:
Fix GH-10964: Improve `man` page about the built-in server
Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters
* PHP-8.1:
Fix GH-10964: Improve `man` page about the built-in server
Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters
https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authentication_exchanges.html
tells us that the nonce used in this authentication method is 20 bytes
long. However, we might receive additional scramble data in
php_mysqlnd_greet_read not used in this method.
On my test setup, I received 21 bytes (20 bytes + '\0'). This resulted
in the xor computation to incorrectly include the NUL byte. Every
password of at least 20 characters therefore failed to authenticate
using this method.
Looking at mysql-server source code also seems to reveal that it always
uses a fixed number of scramble bytes [1].
[1] ea7087d885/sql/auth/sha2_password.cc (L1078-L1079)
Closes GH-11445.
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
