Bug #34082 Code execution prevention in Connection class
Submitted: 26 Jan 21:30 Modified: 1 Mar 12:26
Reporter: Alexander Maglyovany
Status: Closed
Category:Connector/Net Severity:S3 (Non-critical)
Version:5.1.4 OS:Microsoft Windows
Assigned to: Target Version:
Tags: Code execution prevention

[26 Jan 21:30] Alexander Maglyovany 
Description:
In Connection class in "internal void SetState" method
code execution never gets to line 417
while changing state to Connected by Open method.
All registered StateChange delegates get  only Connecting state.

How to repeat:
Register a System.Data.StateChangeEventHandler and call Open method.

Suggested fix:
Add 
SetState(ConnectionState.Connecting, false); 
into Open method, just after line 478 "driver.Configure(this);"
[26 Jan 21:49] Alexander Maglyovany 
Sorry, here is really working fix.
On line 498 Connection.cs
******************************************************
hasBeenOpen = true;
SetState(ConnectionState.Connecting, false);
SetState(ConnectionState.Open, true);
[29 Jan 16:41] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/41367
[29 Jan 16:42] Reggie Burnett 
Fixed in 5.1.5 and 5.2+
[1 Mar 12:05] MC Brown 
A note has been to the 5.1.5 and 5.2.0 changelogs: 

The status of connections reported through the state change handler was not being updated
correctly