From: holyfootDate: October 15 2007 7:11am Subject: bk commit into 5.0 tree (holyfoot:1.2538) BUG#29801 Below is the list of changes that have just been committed into a local 5.0 repository of hf. When hf does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2007-10-15 10:11:52+05:00, holyfoot@stripped +1 -0 bug #29801 Federated engine crashes local server if remote server sends malicious response. We need to check if the SHOW TABLE STATUS query we issue inside the FEDERATED engine returned the result with the proper (or just sufficient) number of rows. Otherwise statements like row[12] can crash the server. sql/ha_federated.cc@stripped, 2007-10-15 10:11:50+05:00, holyfoot@stripped +6 -1 bug #29801 Federated engine crashes local server if remote server sends malicious response. Return with the error if the remote server return fewer rows than we need. diff -Nrup a/sql/ha_federated.cc b/sql/ha_federated.cc --- a/sql/ha_federated.cc 2007-07-26 05:22:50 +05:00 +++ b/sql/ha_federated.cc 2007-10-15 10:11:50 +05:00 @@ -2528,7 +2528,12 @@ int ha_federated::info(uint flag) status_query_string.length(0); result= mysql_store_result(mysql); - if (!result) + + /* + We're going to use fields num. 4, 12 and 13 of the resultset, + so make sure we have these fields. + */ + if (!result || (mysql_num_fields(result) < 14)) goto error; if (!mysql_num_rows(result))