Crasher in mysql auxprop plugin (patch attached)

[Matthew Hardin]

Hi,

I just joined the Cyrus-sasl mailing lists, and I didn't see any obvious
place indicated to report bugs, so I'm going to try this list first. Please
let me know if there is a more appropriate place to report them.

In working an issue with one of our customers I came across a crasher in the
mysql auxprop plug-in in cyrus sasl 2.1.21. As currently written, the
function _mysql_exec in plugins/sql.c cannot always tell that there was an
error in an SQL operation. For example, if a query takes place requesting a
non-existent database column, mysql_real_query will return no error, so
_mysql_exec treats this as a successful operation. The function
sql_auxprop_lookup thinks that the lookup was successful and writes garbage
into the auxprop, and more often than not this will cause a core dump. The
good news is that mysql_errno will always return an error if one did occur,
even when mysql_real_query did not.

The attached patch applies cleanly to plugins/sql.c v1.28 2004/11/24
18:09:00. It modifies the _mysql_exec function to ignore the return code
from mysql_real_query and to instead call mysql_errno() to see if an error
has occurred. Note that a query that returns no data does not set
mysql_errno()and so the case is handled properly.

I have tested this patch with OpenLDAP 2.3 and it behaves appropriately.

Permission is hereby granted to use this patch under the terms of the
cyrus-sasl license.

Cheers,

Matthew Hardin
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sql.c.patch
Type: application/octet-stream
Size: 815 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/cyrus-devel/attachments/20060106/89d77cfe/sql.c.obj