Bug #67956 | The range of a transport-layer port" is [0, 65535] (unsigned short) | ||
---|---|---|---|
Submitted: | 20 Dec 2012 18:14 | Modified: | 4 Mar 2013 15:03 |
Reporter: | Tianyin Xu | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Options | Severity: | S3 (Non-critical) |
Version: | mysql-5.5.28 | OS: | Any |
Assigned to: | CPU Architecture: | Any |
[20 Dec 2012 18:14]
Tianyin Xu
[21 Dec 2012 13:42]
MySQL Verification Team
Thank you, verified as described on 5.5.29, 5.6.9
[23 Dec 2012 22:22]
Tianyin Xu
Hi, Shane, Thanks for the confirmation. I checked the reference manual, and there're three port directive that is configurable: "port", "report_port", and "master-port". "master-port" is obsolete, and it simply get the value of "port" (see #769 in storage/ndb/test/run-test/setup.cpp). So the previous patch fixed it. For "report_port", the exact same thing applies (see the patch below): --- mysql-5.5.28/sql/sys_vars.cc 2012-12-23 14:13:36.031139989 -0800 +++ ../Downloads/mysql-5.5.28/sql/sys_vars.cc 2012-12-23 14:13:14.051128375 -0800 @@ -1556,7 +1556,7 @@ #endif "built-in default (" STRINGIFY_ARG(MYSQL_PORT) "), whatever comes first", READ_ONLY GLOBAL_VAR(mysqld_port), CMD_LINE(REQUIRED_ARG, 'P'), - VALID_RANGE(0, UINT_MAX32), DEFAULT(0), BLOCK_SIZE(1)); + VALID_RANGE(0, 65535), DEFAULT(0), BLOCK_SIZE(1)); static Sys_var_ulong Sys_preload_buff_size( "preload_buffer_size", @@ -2777,7 +2777,7 @@ "port or if you have a special tunnel from the master or other clients " "to the slave. If not sure, leave this option unset", READ_ONLY GLOBAL_VAR(report_port), CMD_LINE(REQUIRED_ARG), - VALID_RANGE(0, UINT_MAX), DEFAULT(0), BLOCK_SIZE(1)); + VALID_RANGE(0, 65535), DEFAULT(0), BLOCK_SIZE(1)); #endif static Sys_var_mybool Sys_keep_files_on_create( Thanks! & Merry Xmas! Tianyin
[4 Mar 2013 15:03]
Paul DuBois
Noted in 5.7.1 changelog. The server did not enforce the port or report_port upper limit of 65,535 and truncated larger values.
[14 Jun 2023 10:43]
Stefan Heisl
The problem at hand is related to the range of a transport-layer port, which is defined as an "unsigned short" with a numeric span of [0, 65535]. However, the server currently fails to validate this range, resulting in a scenario where a hefty user input is silently truncated to an "unsigned short," leading to an overflow of integers. Based on the described symptoms, it seems that mysqld continues to listen on the truncated port without issuing any warnings or errors. To tackle this issue, it would be highly advantageous to impose strict adherence to the range of the transport-layer port. This simple modification will prove instrumental in thwarting typos and misunderstandings in the future. For more in-depth information, feel free to check out this source: https://networkustad.com/2023/05/16/energy-and-transportation/ It's remarkable to witness the proposed fix detailed in the bug report, which involves tweaking the sys_vars.cc file to specify the valid range for the port. Let's remain hopeful that this solution will be swiftly implemented to avert similar complications down the line. And hey, if any of you have additional insights or suggestions, feel free to share them with the community!