Sophie

mysql-5.0.45-8.1mdv2007.0.src.rpm

From: holyfoot
Date: October 15 2007 7:11am
Subject: bk commit into 5.0 tree (holyfoot:1.2538) BUG#29801

Below is the list of changes that have just been committed into a local
5.0 repository of hf. When hf does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-10-15 10:11:52+05:00, holyfoot@stripped +1 -0
  bug #29801 Federated engine crashes local server
                 if remote server sends malicious response.
  
  We need to check if the SHOW TABLE STATUS query we issue inside the
  FEDERATED engine returned the result with the proper (or just sufficient)
  number of rows. Otherwise statements like row[12] can crash the server.

  sql/ha_federated.cc@stripped, 2007-10-15 10:11:50+05:00, holyfoot@stripped +6 -1
    bug #29801 Federated engine crashes local server
                   if remote server sends malicious response.
    
    Return with the error if the remote server returns fewer rows than we need.

diff -Nrup a/sql/ha_federated.cc b/sql/ha_federated.cc
--- a/sql/ha_federated.cc	2007-07-26 05:22:50 +05:00
+++ b/sql/ha_federated.cc	2007-10-15 10:11:50 +05:00
@@ -2528,7 +2528,12 @@ int ha_federated::info(uint flag)
     status_query_string.length(0);
 
     result= mysql_store_result(mysql);
-    if (!result)
+
+    /*
+      We're going to use fields num. 4, 12 and 13 of the resultset,
+      so make sure we have these fields.
+    */
+    if (!result || (mysql_num_fields(result) < 14))
       goto error;
 
     if (!mysql_num_rows(result))
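
Review bot: The bound in `if (!result || (mysql_num_fields(result) < 14))` is a bare literal that matches the comment's "fields num. 4, 12 and 13" only by arithmetic (highest index 13, so at least 14 columns). A named constant defined beside those indices, used both here and wherever the row is indexed, would keep the check from drifting if another column is read later. The commit message describes the check as being on the number of rows, while the added condition tests the number of fields; the row count is what the unchanged `if (!mysql_num_rows(result))` below covers, so the wording should say fields or columns. The new check guarantees only the column count; nothing in the visible lines shows whether individual values in the fetched row are tested for NULL before use, which is worth confirming in the code that follows this hunk, since the remote server controls those values too.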