diff -Naurp mysql-cluster-gpl-7.1.3/include/mysql_com.h mysql-cluster-gpl-7.1.3.oden/include/mysql_com.h --- mysql-cluster-gpl-7.1.3/include/mysql_com.h 2010-03-29 16:48:35.000000000 +0200 +++ mysql-cluster-gpl-7.1.3.oden/include/mysql_com.h 2010-05-26 14:00:55.600207585 +0200 @@ -286,6 +286,16 @@ typedef struct st_net { /** Client library sqlstate buffer. Set along with the error message. */ char sqlstate[SQLSTATE_LENGTH+1]; void *extension; +#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY) + /* + Controls whether a big packet should be skipped. + + Initially set to FALSE by default. Unauthenticated sessions must have + this set to FALSE so that the server can't be tricked to read packets + indefinitely. + */ + my_bool skip_big_packet; +#endif } NET; diff -Naurp mysql-cluster-gpl-7.1.3/sql/net_serv.cc mysql-cluster-gpl-7.1.3.oden/sql/net_serv.cc --- mysql-cluster-gpl-7.1.3/sql/net_serv.cc 2010-03-29 16:51:25.000000000 +0200 +++ mysql-cluster-gpl-7.1.3.oden/sql/net_serv.cc 2010-05-26 14:00:55.600207585 +0200 @@ -140,6 +140,9 @@ my_bool my_net_init(NET *net, Vio* vio) #else net->query_cache_query= 0; #endif +#if defined(MYSQL_SERVER) && !defined(EMBEDDED_LIBRARY) + net->skip_big_packet= FALSE; +#endif if (vio != 0) /* If real connection */ { @@ -954,6 +957,7 @@ my_real_read(NET *net, size_t *complen) { #if defined(MYSQL_SERVER) && !defined(NO_ALARM) if (!net->compress && + net->skip_big_packet && !my_net_skip_rest(net, (uint32) len, &alarmed, &alarm_buff)) net->error= 3; /* Successfully skiped packet */ #endif diff -Naurp mysql-cluster-gpl-7.1.3/sql/sql_connect.cc mysql-cluster-gpl-7.1.3.oden/sql/sql_connect.cc --- mysql-cluster-gpl-7.1.3/sql/sql_connect.cc 2010-03-29 16:51:27.000000000 +0200 +++ mysql-cluster-gpl-7.1.3.oden/sql/sql_connect.cc 2010-05-26 14:00:55.601207063 +0200 @@ -474,6 +474,13 @@ check_user(THD *thd, enum enum_server_co } my_ok(thd); thd->password= test(passwd_len); // remember for error messages + /* + Allow the network layer to skip big packets. Although a malicious + authenticated session might use this to trick the server to read + big packets indefinitely, this is a previously established behavior + that needs to be preserved as to not break backwards compatibility. + */ + thd->net.skip_big_packet= TRUE; /* Ready to handle queries */ DBUG_RETURN(0); }