Skip to content

Tidy up buffer preparation in mysqlnd #9834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 2, 2022
Merged

Tidy up buffer preparation in mysqlnd #9834

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ext/mysqlnd/mysqlnd_driver.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ MYSQLND_METHOD(mysqlnd_object_factory, get_prepared_statement)(MYSQLND_CONN_DATA
mysqlnd_upsert_status_init(&stmt->upsert_status_impl);
stmt->upsert_status = &(stmt->upsert_status_impl);
stmt->state = MYSQLND_STMT_INITTED;
stmt->execute_cmd_buffer.length = 4096;
stmt->execute_cmd_buffer.length = MYSQLND_NET_CMD_BUFFER_MIN_SIZE;
stmt->execute_cmd_buffer.buffer = mnd_emalloc(stmt->execute_cmd_buffer.length);
stmt->prefetch_rows = MYSQLND_DEFAULT_PREFETCH_ROWS;

Expand Down
55 changes: 17 additions & 38 deletions ext/mysqlnd/mysqlnd_wireprotocol.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -322,35 +322,28 @@ mysqlnd_read_packet_header_and_body(MYSQLND_PACKET_HEADER * packet_header,
static enum_func_status
php_mysqlnd_greet_read(MYSQLND_CONN_DATA * conn, void * _packet)
{
zend_uchar buf[2048];
const zend_uchar * p = buf;
const zend_uchar * const begin = buf;
const zend_uchar * pad_start = NULL;
MYSQLND_PACKET_GREET *packet= (MYSQLND_PACKET_GREET *) _packet;
MYSQLND_ERROR_INFO * error_info = conn->error_info;
MYSQLND_PFC * pfc = conn->protocol_frame_codec;
MYSQLND_VIO * vio = conn->vio;
MYSQLND_STATS * stats = conn->stats;
MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
const size_t buf_len = pfc->cmd_buffer.length;
zend_uchar * const buf = (zend_uchar *) pfc->cmd_buffer.buffer;
const zend_uchar * p = buf;
const zend_uchar * const begin = buf;

DBG_ENTER("php_mysqlnd_greet_read");

if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, sizeof(buf), "greeting", PROT_GREET_PACKET)) {
if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, buf_len, "greeting", PROT_GREET_PACKET)) {
DBG_RETURN(FAIL);
}
BAIL_IF_NO_MORE_DATA;

packet->authentication_plugin_data.s = packet->intern_auth_plugin_data;
packet->authentication_plugin_data.l = sizeof(packet->intern_auth_plugin_data);

if (packet->header.size < sizeof(buf)) {
/*
Null-terminate the string, so strdup can work even if the packets have a string at the end,
which is not ASCIIZ
*/
buf[packet->header.size] = '\0';
}

packet->protocol_version = uint1korr(p);
p++;
BAIL_IF_NO_MORE_DATA;
Expand Down Expand Up @@ -641,8 +634,6 @@ size_t php_mysqlnd_auth_write(MYSQLND_CONN_DATA * conn, void * _packet)
/* }}} */


#define AUTH_RESP_BUFFER_SIZE 2048

/* {{{ php_mysqlnd_auth_response_read */
static enum_func_status
php_mysqlnd_auth_response_read(MYSQLND_CONN_DATA * conn, void * _packet)
Expand All @@ -653,27 +644,18 @@ php_mysqlnd_auth_response_read(MYSQLND_CONN_DATA * conn, void * _packet)
MYSQLND_VIO * vio = conn->vio;
MYSQLND_STATS * stats = conn->stats;
MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
zend_uchar local_buf[AUTH_RESP_BUFFER_SIZE];
size_t buf_len = pfc->cmd_buffer.buffer? pfc->cmd_buffer.length: AUTH_RESP_BUFFER_SIZE;
zend_uchar *buf = pfc->cmd_buffer.buffer? (zend_uchar *) pfc->cmd_buffer.buffer : local_buf;
const size_t buf_len = pfc->cmd_buffer.length;
zend_uchar * const buf = (zend_uchar *) pfc->cmd_buffer.buffer;
const zend_uchar * p = buf;
const zend_uchar * const begin = buf;

DBG_ENTER("php_mysqlnd_auth_response_read");

/* leave space for terminating safety \0 */
buf_len--;
if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, buf_len, "OK", PROT_OK_PACKET)) {
DBG_RETURN(FAIL);
}
BAIL_IF_NO_MORE_DATA;

/*
zero-terminate the buffer for safety. We are sure there is place for the \0
because buf_len is -1 the size of the buffer pointed
*/
buf[packet->header.size] = '\0';

/* Should be always 0x0 or ERROR_MARKER for error */
packet->response_code = uint1korr(p);
p++;
Expand Down Expand Up @@ -805,8 +787,6 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet)
/* }}} */


#define OK_BUFFER_SIZE 2048

/* {{{ php_mysqlnd_ok_read */
static enum_func_status
php_mysqlnd_ok_read(MYSQLND_CONN_DATA * conn, void * _packet)
Expand All @@ -817,9 +797,8 @@ php_mysqlnd_ok_read(MYSQLND_CONN_DATA * conn, void * _packet)
MYSQLND_VIO * vio = conn->vio;
MYSQLND_STATS * stats = conn->stats;
MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
zend_uchar local_buf[OK_BUFFER_SIZE];
const size_t buf_len = pfc->cmd_buffer.buffer? pfc->cmd_buffer.length : OK_BUFFER_SIZE;
zend_uchar * const buf = pfc->cmd_buffer.buffer? (zend_uchar *) pfc->cmd_buffer.buffer : local_buf;
const size_t buf_len = pfc->cmd_buffer.length;
zend_uchar * const buf = (zend_uchar *) pfc->cmd_buffer.buffer;
const zend_uchar * p = buf;
const zend_uchar * const begin = buf;
zend_ulong net_len;
Expand Down Expand Up @@ -1974,8 +1953,6 @@ size_t php_mysqlnd_sha256_pk_request_write(MYSQLND_CONN_DATA * conn, void * _pac
/* }}} */


#define SHA256_PK_REQUEST_RESP_BUFFER_SIZE 2048

/* {{{ php_mysqlnd_sha256_pk_request_response_read */
static enum_func_status
php_mysqlnd_sha256_pk_request_response_read(MYSQLND_CONN_DATA * conn, void * _packet)
Expand All @@ -1986,14 +1963,15 @@ php_mysqlnd_sha256_pk_request_response_read(MYSQLND_CONN_DATA * conn, void * _pa
MYSQLND_VIO * vio = conn->vio;
MYSQLND_STATS * stats = conn->stats;
MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
zend_uchar buf[SHA256_PK_REQUEST_RESP_BUFFER_SIZE];
zend_uchar *p = buf;
const size_t buf_len = pfc->cmd_buffer.length;
zend_uchar * const buf = (zend_uchar *) pfc->cmd_buffer.buffer;
const zend_uchar * p = buf;
const zend_uchar * const begin = buf;

DBG_ENTER("php_mysqlnd_sha256_pk_request_response_read");

/* leave space for terminating safety \0 */
if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, sizeof(buf), "SHA256_PK_REQUEST_RESPONSE", PROT_SHA256_PK_REQUEST_RESPONSE_PACKET)) {
if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, buf_len, "SHA256_PK_REQUEST_RESPONSE", PROT_SHA256_PK_REQUEST_RESPONSE_PACKET)) {
DBG_RETURN(FAIL);
}
BAIL_IF_NO_MORE_DATA;
Expand Down Expand Up @@ -2067,12 +2045,13 @@ php_mysqlnd_cached_sha2_result_read(MYSQLND_CONN_DATA * conn, void * _packet)
MYSQLND_VIO * vio = conn->vio;
MYSQLND_STATS * stats = conn->stats;
MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
zend_uchar buf[SHA256_PK_REQUEST_RESP_BUFFER_SIZE];
zend_uchar *p = buf;
const size_t buf_len = pfc->cmd_buffer.length;
zend_uchar * const buf = (zend_uchar *) pfc->cmd_buffer.buffer;
const zend_uchar * p = buf;
const zend_uchar * const begin = buf;

DBG_ENTER("php_mysqlnd_cached_sha2_result_read");
if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, sizeof(buf), "PROT_CACHED_SHA2_RESULT_PACKET", PROT_CACHED_SHA2_RESULT_PACKET)) {
if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, buf_len, "PROT_CACHED_SHA2_RESULT_PACKET", PROT_CACHED_SHA2_RESULT_PACKET)) {
DBG_RETURN(FAIL);
}
BAIL_IF_NO_MORE_DATA;
Expand Down