[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Thu Jun 29 12:33:27 UTC 2017


The branch master has been updated
       via  8530039a307f7aa8acb0516fdd38191baa91d434 (commit)
      from  6fc1d33c90015d3ad5738ec99aaa12fdb9640295 (commit)


- Log -----------------------------------------------------------------
commit 8530039a307f7aa8acb0516fdd38191baa91d434
Author: Steven Danneman <sdanneman at securityinnovation.com>
Date:   Tue Jun 27 15:53:11 2017 -0700

    Fix double array increment in s_client mysql connect
    
    The packet parsing code for the server version string was incrementing
    the array index twice on every iteration. This meant that strings with
    an even number of characters would pass, but strings with an odd number
    (ex: 5.7.18-0ubuntu0.16.04.1) would cause the pos variable to get out
    of sync.
    
    This would cause a later failure with "MySQL packet is broken."
    
    CLA: trivial
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3799)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 393b311..56209ac 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2406,10 +2406,9 @@ int s_client_main(int argc, char **argv)
                 } else if (packet[pos++] == '\0') {
                     break;
                 }
-                pos++;
             }
 
-            /* make sure we have more 15 bytes left in the packet */
+            /* make sure we have at least 15 bytes left in the packet */
             if (pos + 15 > bytes) {
                 BIO_printf(bio_err,
                            "MySQL server handshake packet is broken.\n");
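
Review bot: In the version-string loop, the only remaining index advance is the side effect inside the condition "else if (packet[pos++] == '\0')", which is the pattern that let the extra "pos++" go unnoticed. Consider testing packet[pos] in the condition and advancing pos in one explicit place, so that the loop moves exactly one byte per iteration by construction; if you do, keep the current behaviour on the terminator, where pos ends up one past the '\0' before the break, because the "pos + 15 > bytes" check that follows counts from that offset. A regression case with an odd-length version string, such as the one quoted in the commit message, would keep this from coming back.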

