Bug #39153 Failing to lookup a host name can lead to crash in current IPv6 implementation
Submitted: 1 Sep 2008 10:05
Modified: 7 Mar 2010 18:21
Reporter: Kristofer Pettersson
Status: Closed
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 6.0-bzr
OS: Any
Assigned to: Kristofer Pettersson
CPU Architecture: Any

[1 Sep 2008 10:05] Kristofer Pettersson
Description:
The reverse name lookup used to assure the server that the client is who it says it is can fail. When it does, it crashes because of an additional freeaddrinfo on an uninitialized structure.

When a host name is added to the host name cache we do a memcpy on sockaddr_storage structures but use the size of struct addrinfo. This also caused a crash.

This bug report is spawned from http://bugs.mysql.com/bug.php?id=38804

How to repeat:
The memcpy bug is nondeterministic.

The reverse name lookup bug was discovered when I used a dyndns service, and at the same time my ISP's name service refused requests.
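
The two defects described in this report, written as the safe pattern in C. This is an added example, not the MySQL patch: `host_entry`, `store_addr` and `resolve_and_cache` are hypothetical names, and `AI_NUMERICHOST` is an assumption made so the lookup runs without DNS.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Hypothetical cache entry, not MySQL's own host cache structure. */
struct host_entry {
    struct sockaddr_storage addr;
    socklen_t addr_len;
};

/* Copy a socket address into the entry. The bound is the size of the
   destination (sockaddr_storage), never sizeof(struct addrinfo). */
static int store_addr(struct host_entry *e, const struct sockaddr *sa,
                      socklen_t len)
{
    if (len == 0 || len > sizeof(e->addr))
        return -1;
    memset(&e->addr, 0, sizeof(e->addr));
    memcpy(&e->addr, sa, len);
    e->addr_len = len;
    return 0;
}

/* Returns 0 on success, -1 if the lookup fails or the address is too large. */
int resolve_and_cache(const char *host, struct host_entry *out)
{
    struct addrinfo hints, *res = NULL;  /* stays NULL unless the lookup succeeds */
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;     /* numeric only: no resolver traffic */

    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return -1;                       /* nothing was allocated, so nothing to free */

    rc = store_addr(out, res->ai_addr, res->ai_addrlen);
    freeaddrinfo(res);                   /* exactly once, on the success path only */
    return rc;
}
```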
[1 Sep 2008 10:06] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/52976

2810 Kristofer Pettersson	2008-09-01
      Bug#39153 Failing to lookup a host name can lead to crash in current IPv6 implementation
      
      The reverse name lookup used to assure the server that the client is who it says it is can
      fail. When it does, it crashes because of an additional freeaddrinfo on an uninitialized
      structure.
      
      When a host name is added to the host name cache we do a memcpy on sockaddr_storage
      structures but use the size of struct addrinfo. This also caused a crash.
[17 Oct 2008 16:44] Bugs System
Pushed into 6.0.7-alpha  (revid:kpettersson@mysql.com-20080901101150-4ne74r8v0492vv42) (version source revid:kpettersson@mysql.com-20080901101150-4ne74r8v0492vv42) (pib:5)
[20 Oct 2008 0:47] Paul DuBois
Noted in 6.0.7 changelog.

Hostname lookup failure could lead to a server crash.
[3 Dec 2009 9:08] Bugs System
Pushed into 5.6.0-beta (revid:alik@sun.com-20091202160026-699xnqx8c6a6t2lk) (version source revid:alik@sun.com-20091125105323-j82ts9ns936i45vv) (merge vers: 5.6.0-beta) (pib:13)
[3 Dec 2009 9:10] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091202161413-u81nw1foglcu7nao) (version source revid:alik@sun.com-20091125105553-vvedtv1bpmugb1nj) (merge vers: 6.0.14-alpha) (pib:13)
[3 Dec 2009 20:48] Paul DuBois
Noted in 5.6.0 changelog.

Already fixed in 6.0.x.
[6 Mar 2010 10:58] Bugs System
Pushed into 5.5.3-m3 (revid:alik@sun.com-20100306103849-hha31z2enhh7jwt3) (version source revid:wlad@sol-20091204200504-9d3d3b6ad75ijkqo) (merge vers: 5.6.0-beta) (pib:16)
[7 Mar 2010 18:21] Paul DuBois
Moved 5.6.0 changelog entry to 5.5.3.