Bug #34082 Code execution prevention in Connection class
Submitted: 26 Jan 2008 20:30 Modified: 1 Mar 2008 11:26
Reporter: Alexander Maglyovany Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / NET Severity:S3 (Non-critical)
Version:5.1.4 OS:Windows
Assigned to: CPU Architecture:Any
Tags: Code execution prevention

[26 Jan 2008 20:30] Alexander Maglyovany 
Description:
In Connection class in "internal void SetState" method
code execution never gets to line 417
while changing state to Connected by Open method.
All registered StateChange delegates get  only Connecting state.

How to repeat:
Register a System.Data.StateChangeEventHandler and call Open method.

Suggested fix:
Add 
SetState(ConnectionState.Connecting, false); 
into Open method, just after line 478 "driver.Configure(this);"
[26 Jan 2008 20:49] Alexander Maglyovany 
Sorry, here is really working fix.
On line 498 Connection.cs
******************************************************
hasBeenOpen = true;
SetState(ConnectionState.Connecting, false);
SetState(ConnectionState.Open, true);
[29 Jan 2008 15:41] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/41367
[29 Jan 2008 15:42] Reggie Burnett 
Fixed in 5.1.5 and 5.2+
[1 Mar 2008 11:05] MC Brown 
A note has been to the 5.1.5 and 5.2.0 changelogs: 

The status of connections reported through the state change handler was not being updated correctly