diff options
| author | Steven Danneman <sdanneman@securityinnovation.com> | 2017-06-28 00:53:11 +0200 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2017-06-29 14:20:14 +0200 |
| commit | 8530039a307f7aa8acb0516fdd38191baa91d434 (patch) | |
| tree | 0a19127e33f8b41710472db53f63f6eba57cc510 /apps/s_client.c | |
| parent | STORE 'file' scheme loader: refactor the treatment of matches (diff) | |
| download | openssl-8530039a307f7aa8acb0516fdd38191baa91d434.tar.xz openssl-8530039a307f7aa8acb0516fdd38191baa91d434.zip | |
Fix double array increment in s_client mysql connect
The packet parsing code for the server version string was incrementing
the array index twice on every iteration. This meant that strings with
an even number of characters would pass, but strings with an odd number
(ex: 5.7.18-0ubuntu0.16.04.1) would cause the pos variable to get out
of sync.
This would cause a later failure with "MySQL packet is broken."
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3799)
Diffstat (limited to 'apps/s_client.c')
| -rw-r--r-- | apps/s_client.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 393b311904..56209ac0f6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2406,10 +2406,9 @@ int s_client_main(int argc, char **argv) } else if (packet[pos++] == '\0') { break; } - pos++; } - /* make sure we have more 15 bytes left in the packet */ + /* make sure we have at least 15 bytes left in the packet */ if (pos + 15 > bytes) { BIO_printf(bio_err, "MySQL server handshake packet is broken.\n"); |