diff --git a/include/mysql_com.h b/include/mysql_com.h index cea98cebc61..25bf58e58ba 100644 --- a/include/mysql_com.h +++ b/include/mysql_com.h @@ -148,6 +148,37 @@ enum enum_server_command #define CLIENT_SSL_VERIFY_SERVER_CERT (1UL << 30) #define CLIENT_REMEMBER_OPTIONS (1UL << 31) +/* Gather all possible capabilites (flags) supported by the server */ +#define CLIENT_ALL_FLAGS (CLIENT_LONG_PASSWORD | \ + CLIENT_FOUND_ROWS | \ + CLIENT_LONG_FLAG | \ + CLIENT_CONNECT_WITH_DB | \ + CLIENT_NO_SCHEMA | \ + CLIENT_COMPRESS | \ + CLIENT_ODBC | \ + CLIENT_LOCAL_FILES | \ + CLIENT_IGNORE_SPACE | \ + CLIENT_PROTOCOL_41 | \ + CLIENT_INTERACTIVE | \ + CLIENT_SSL | \ + CLIENT_IGNORE_SIGPIPE | \ + CLIENT_TRANSACTIONS | \ + CLIENT_RESERVED | \ + CLIENT_SECURE_CONNECTION | \ + CLIENT_MULTI_STATEMENTS | \ + CLIENT_MULTI_RESULTS | \ + CLIENT_SSL_VERIFY_SERVER_CERT | \ + CLIENT_REMEMBER_OPTIONS) + +/* + Switch off the flags that are optional and depending on build flags + If any of the optional flags is supported by the build it will be switched + on before sending to the client during the connection handshake. +*/ +#define CLIENT_BASIC_FLAGS (((CLIENT_ALL_FLAGS & ~CLIENT_SSL) \ + & ~CLIENT_COMPRESS) \ + & ~CLIENT_SSL_VERIFY_SERVER_CERT) + #define SERVER_STATUS_IN_TRANS 1 /* Transaction has started */ #define SERVER_STATUS_AUTOCOMMIT 2 /* Server in auto_commit mode */ #define SERVER_MORE_RESULTS_EXISTS 8 /* Multi query - next query exists */ diff --git a/sql/sql_connect.cc b/sql/sql_connect.cc index b22a33e3e92..b3acfd99991 100644 --- a/sql/sql_connect.cc +++ b/sql/sql_connect.cc @@ -700,20 +700,24 @@ static int check_connection(THD *thd) bzero((char*) &thd->remote, sizeof(thd->remote)); } vio_keepalive(net->vio, TRUE); + + ulong server_capabilites; { /* buff[] needs to big enough to hold the server_version variable */ char buff[SERVER_VERSION_LENGTH + SCRAMBLE_LENGTH + 64]; - ulong client_flags = (CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | - CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION); + server_capabilites= CLIENT_BASIC_FLAGS; if (opt_using_transactions) - client_flags|=CLIENT_TRANSACTIONS; + server_capabilites|= CLIENT_TRANSACTIONS; #ifdef HAVE_COMPRESS - client_flags |= CLIENT_COMPRESS; + server_capabilites|= CLIENT_COMPRESS; #endif /* HAVE_COMPRESS */ #ifdef HAVE_OPENSSL if (ssl_acceptor_fd) - client_flags |= CLIENT_SSL; /* Wow, SSL is available! */ + { + server_capabilites |= CLIENT_SSL; /* Wow, SSL is available! */ + server_capabilites |= CLIENT_SSL_VERIFY_SERVER_CERT; + } #endif /* HAVE_OPENSSL */ end= strnmov(buff, server_version, SERVER_VERSION_LENGTH) + 1; @@ -732,7 +736,7 @@ static int check_connection(THD *thd) */ end= strmake(end, thd->scramble, SCRAMBLE_LENGTH_323) + 1; - int2store(end, client_flags); + int2store(end, server_capabilites); /* write server characteristics: up to 16 bytes allowed */ end[2]=(char) default_charset_info->number; int2store(end+3, thd->server_status); @@ -762,7 +766,7 @@ static int check_connection(THD *thd) if (thd->packet.alloc(thd->variables.net_buffer_length)) return 1; /* The error is set by alloc(). */ - thd->client_capabilities=uint2korr(net->read_pos); + thd->client_capabilities= uint2korr(net->read_pos); if (thd->client_capabilities & CLIENT_PROTOCOL_41) { thd->client_capabilities|= ((ulong) uint2korr(net->read_pos+2)) << 16; @@ -777,6 +781,11 @@ static int check_connection(THD *thd) thd->max_client_packet_length= uint3korr(net->read_pos+2); end= (char*) net->read_pos+5; } + /* + Disable those bits which are not supported by the server. + This is a precautionary measure, if the client lies. See Bug#27944. + */ + thd->client_capabilities&= server_capabilites; if (thd->client_capabilities & CLIENT_IGNORE_SPACE) thd->variables.sql_mode|= MODE_IGNORE_SPACE;