Eric Day

Thoughts, code, and other oddments.

MySQL Server Protocol Bug

July 24th, 2010

A few months ago I wrote a tool that verified MySQL and Drizzle protocol compatibility, along with testing for all sorts of edge cases. In analyzing protocol command interactions in mysqld, I found that the MySQL server will happily read an infinite amount of data if you exceed the maximum packet size while using a special sequence of protocol packets. The reasoning behind this behavior is so that the server can be polite and flush your data before sending a “max packet exceeded” error message, but perhaps there should be a limit to one’s politeness. What’s more interesting is that you can do this during the client handshake packet without authorization, so anyone could do this to any open MySQL server. The appropriate thing to do here would be to set some maximum limit of data to read and force a connection close when it is reached; otherwise your bandwidth and CPU could be consumed (essentially a DoS attack).

This portion of code was ripped out entirely in Drizzle, so there are no risks there. I submitted this as a bug to MySQL and MariaDB back in February and they both have patches available to fix this as well. You can find the bug here and a patch here. If you have publicly accessible MySQL or MariaDB servers, you probably want to upgrade binaries or patch this.
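The mitigation suggested above (cap how much excess data is drained, then close) can be sketched as follows. This is an added example, not code from mysqld, Drizzle or the patch; the frame header layout is the standard MySQL wire format, while `MAX_PACKET`, `MAX_SKIP`, `struct reader` and the function names are assumptions made for illustration.

```c
#include <stdint.h>

/* Assumed limits for this sketch; they are not values taken from mysqld. */
#define MAX_PACKET  (1u << 24)        /* largest logical packet the server accepts */
#define MAX_SKIP    (4u * MAX_PACKET) /* most excess data drained before giving up */
#define FRAME_FULL  0xFFFFFFu         /* wire format: a frame this long is continued */

enum verdict { NEED_MORE, PACKET_OK, PACKET_TOO_BIG, CLOSE_CONN };

/* Per-connection state for the logical packet currently being received. */
struct reader { uint64_t total; };

/*
 * Call with each 4-byte frame header (3-byte little-endian payload length,
 * then a sequence byte) BEFORE reading or discarding that frame's payload.
 */
enum verdict on_frame(struct reader *r, const uint8_t hdr[4])
{
    uint32_t len = hdr[0] | (uint32_t)hdr[1] << 8 | (uint32_t)hdr[2] << 16;
    int oversized;

    r->total += len;
    oversized = r->total > MAX_PACKET;

    /* Politeness has a budget: stop draining and drop the connection. */
    if (oversized && r->total - MAX_PACKET > MAX_SKIP)
        return CLOSE_CONN;
    if (len == FRAME_FULL)
        return NEED_MORE;             /* caller reads or discards len bytes */

    r->total = 0;                     /* logical packet complete */
    return oversized ? PACKET_TOO_BIG : PACKET_OK;
}

/* Constructed input: count how many back-to-back full frames are tolerated. */
int full_frames_until_close(void)
{
    static const uint8_t full[4] = { 0xFF, 0xFF, 0xFF, 0x00 };
    struct reader r = { 0 };
    int n = 1;
    while (on_frame(&r, full) != CLOSE_CONN)
        n++;
    return n;
}
```

Because the verdict is returned from the header alone, the caller can close the socket without reading the payload that would have exceeded the budget.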

Posted in Drizzle, Main, MySQL

2 Responses to "MySQL Server Protocol Bug"

  1. Davi Arnaut says:

    Just a small addendum: “infinite” amount up to the connect timeout. Also, if the server is compiled without alarm support, no packets are skipped.

