Crasher in mysql auxprop plugin (patch attached)

Matthew Hardin mhardin at
Fri Jan 6 19:12:51 EST 2006


I just joined the Cyrus-sasl mailing lists, and I didn't see any obvious
place indicated to report bugs, so I'm going to try this list first. Please
let me know if there is a more appropriate place to report them.

In working an issue with one of our customers I came across a crasher in the
mysql auxprop plug-in in cyrus sasl 2.1.21. As currently written, the
function _mysql_exec in plugins/sql.c cannot always tell that there was an
error in an SQL operation. For example, if a query takes place requesting a
non-existent database column, mysql_real_query will return no error, so
_mysql_exec treats this as a successful operation. The function
sql_auxprop_lookup thinks that the lookup was successful and writes garbage
into the auxprop, and more often than not this will cause a core dump. The
good news is that mysql_errno will always return an error if one did occur,
even when mysql_real_query did not.

The attached patch applies cleanly to plugins/sql.c v1.28 2004/11/24
18:09:00. It modifies the _mysql_exec function to ignore the return code
from mysql_real_query and to instead call mysql_errno() to see if an error
has occurred. Note that a query that returns no data does not set
mysql_errno()and so the case is handled properly.

I have tested this patch with OpenLDAP 2.3 and it behaves appropriately.

Permission is hereby granted to use this patch under the terms of the
cyrus-sasl license.


Matthew Hardin
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sql.c.patch
Type: application/octet-stream
Size: 815 bytes
Desc: not available
Url :

More information about the Cyrus-devel mailing list