From 496ee02cae6be6499e8b45ad3a24be2719d53d46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?=
Date: Thu, 18 Jan 2024 01:45:26 +0000
Subject: [PATCH] Input validation for mysql-server_capabilities

Input validation on mysql-server_capabilities assumed that it was 16 bits (for historical reasons). This has now improved and supports up to 32 bits.

Notes:
- some capabilities are changed at runtime while performing the handshake with the client
- even if we support 32 bits capabilities, many of them do not have any real meaning for proxysql (not supported)

Closes #2091
---
 lib/MySQL_Thread.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/MySQL_Thread.cpp b/lib/MySQL_Thread.cpp
index 945ebe332f..47d3169d0b 100644
--- a/lib/MySQL_Thread.cpp
+++ b/lib/MySQL_Thread.cpp
@@ -1879,8 +1879,12 @@ bool MySQL_Threads_Handler::set_variable(char *name, const char *value) { // thi
 }
 }
 if (!strcasecmp(name,"server_capabilities")) {
- int intv=atoi(value);
- if (intv > 10 && intv <= 65535) {
+ // replaced atoi() with strtoul() to have a 32 bit result
+ uint32_t intv = strtoul(value, NULL, 10);
+ if (intv > 10) {
+ // Note that:
+ // - some capabilities are changed at runtime while performing the handshake with the client
+ // - even if we support 32 bits capabilities, many of them do not have any real meaning for proxysql (not supported)
 variables.server_capabilities=intv;
 return true;
 } else {
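Review bot: The new check `if (intv > 10)` in the `server_capabilities` branch drops the upper bound that the removed `intv <= 65535` enforced, and narrowing the `strtoul()` result into `uint32_t` does not replace it: on LP64 targets `strtoul` returns a 64-bit `unsigned long`, so a value above 2^32 is truncated before the comparison (a constructed example: "8589934603" becomes 11 and is accepted), a leading `-` is accepted as its unsigned wrap-around, and trailing non-digit characters are silently ignored. The commit message says the variable supports up to 32 bits; the code should enforce that by validating the untruncated `unsigned long` against `UINT32_MAX`, together with `errno`, the end pointer and the absence of a sign, before assigning, which needs `<cerrno>` in scope if it is not already. Whether `variables.server_capabilities` is itself 32 bits wide is not visible here, so confirm the field's type matches. The else branch and the rest of `set_variable` continue outside the hunk.
```cpp
	if (!strcasecmp(name,"server_capabilities")) {
		// Parse the full unsigned long and validate it before narrowing to 32 bits,
		// otherwise out-of-range and negative inputs alias into the accepted range.
		errno = 0;
		char *end = NULL;
		unsigned long parsed = strtoul(value, &end, 10);
		bool valid = (errno == 0 && end != value && *end == '\0'
			&& strchr(value, '-') == NULL   // strtoul() silently accepts a leading '-'
			&& parsed > 10 && parsed <= UINT32_MAX);
		if (valid) {
			uint32_t intv = static_cast<uint32_t>(parsed);
			// … unchanged: capability notes, assignment and return …
```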