[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Jun 29 12:33:27 UTC 2017
The branch master has been updated
via 8530039a307f7aa8acb0516fdd38191baa91d434 (commit)
from 6fc1d33c90015d3ad5738ec99aaa12fdb9640295 (commit)
- Log -----------------------------------------------------------------
commit 8530039a307f7aa8acb0516fdd38191baa91d434
Author: Steven Danneman <sdanneman at securityinnovation.com>
Date: Tue Jun 27 15:53:11 2017 -0700
Fix double array increment in s_client mysql connect
The packet parsing code for the server version string was incrementing
the array index twice on every iteration. This meant that strings with
an even number of characters would pass, but strings with an odd number
(ex: 5.7.18-0ubuntu0.16.04.1) would cause the pos variable to get out
of sync.
This would cause a later failure with "MySQL packet is broken."
CLA: trivial
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3799)
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index 393b311..56209ac 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2406,10 +2406,9 @@ int s_client_main(int argc, char **argv)
} else if (packet[pos++] == '\0') {
break;
}
- pos++;
}
- /* make sure we have more 15 bytes left in the packet */
+ /* make sure we have at least 15 bytes left in the packet */
if (pos + 15 > bytes) {
BIO_printf(bio_err,
"MySQL server handshake packet is broken.\n");
More information about the openssl-commits
mailing list