Bug #25371 mysql_change_user() triggers "packets out of sync"
Submitted: 2 Jan 2007 17:38 Modified: 18 Jun 2007 16:18
Reporter: Andrey Hristov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: General Severity:S2 (Serious)
Version:5.1 only OS:Any (All)
Assigned to: Andrey Hristov CPU Architecture:Any
Tags: mysql_change_user, regression

[2 Jan 2007 17:38] Andrey Hristov 
Description:
When the authentication fails or the database to change to is unknown, during a call to mysql_change_user(), and subsequent call to any function that does network communication leads to packets out of order. The reason is that libmysql (also Connector/J is "vulnerable") expects one error packet, if there is an error, but the server sends two packets. One specific and one :
my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));

Somehow, the second one should not be sent. Please see the example program.

How to repeat:
#include <stdio.h>
#include <mysql.h>

int main(void)
{
  MYSQL *mysql;
  int i;
  mysql = mysql_init(NULL);
  mysql = mysql_real_connect(mysql, "127.0.0.1", "foo", "bar", "test", 3306, NULL, 0);
  printf("error=%s\n", mysql_error(mysql));
  i = mysql_change_user(mysql, "foo", "bar", "test_12345");
  printf("error=%s i=%d\n", mysql_error(mysql), i);
  i = mysql_real_query(mysql, "select version()", sizeof("select version") - 1);
  printf("error=%s i=%d\n", mysql_error(mysql), i);

  mysql_close(mysql);
}

[18:34:53] andrey@lmy004:~/test> gcc -o change_user change_user.c -I/usr/local/mysql/include/mysql/ -lmysqlclient
[18:34:56] andrey@lmy004:~/test> ./change_user
error=
error=Unknown database 'test_12345' i=1
Packets out of order (Found: 2, expected 1)
error=Lost connection to MySQL server during query i=1
[2 Jan 2007 19:51] Andrey Hristov 
I tried to reproduce with 4.1.23 and 5.0.32 with no success. The bug seems limited to the 5.1 branch only. My version is : 5.1.15-beta-valgrind-max-debug-log
[17 Jan 2007 13:19] Andrey Hristov 
5.1.11 seems immune. The bug was introduced after it.
[16 Mar 2007 10:57] Valeriy Kravchuk 
Can't repeat with latest 5.1.17-BK on Linux:

openxs@suse:~/dbs/5.1> ./bug25371
error=
error=Access denied for user 'foo'@'localhost' (using password: YES) i=1
error=Lost connection to MySQL server during query i=1
openxs@suse:~/dbs/5.1> vi bug25371.c
openxs@suse:~/dbs/5.1> gcc -o bug25371 `$CFG --cflags` bug25371.c `$CFG --libs`
openxs@suse:~/dbs/5.1> ./bug25371
error=
error=Unknown database 'test_12345' i=1
error=Lost connection to MySQL server during query i=1
openxs@suse:~/dbs/5.1> bin/mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.1.17-beta Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
[16 Mar 2007 12:24] Andrey Hristov 
Hi Valeriy,
probably your test case was just doing mysql_change_user() and finishing, without doing anything after the call with invalid user/password. Here comes a simple example :
andrey@whirlpool:~/dev/php6_head> ./php -r '$c=mysqli_connect("127.0.0.1", "foo", "bar", "test");var_dump(mysqli_change_user($c, "foo2","bar", "tets"));'
bool(false)

andrey@whirlpool:~/dev/php6_head> ./php -r '$c=mysqli_connect("127.0.0.1", "foo", "bar", "test");var_dump(mysqli_change_user($c, "foo2","bar", "tets"));var_dump(mysqli_query($c, "select 1"));'
bool(false)
Error: Packets out of order (Found: 2, expected 1)
bool(false)

You can use ethereal/wireshark to see that extra error packet is sent. I think this should be verified, as Jan Kneschke also experiences the same problem and has to remove the second packet from the wire for his mysql proxy.
[16 Mar 2007 14:47] Andrey Hristov 
bk changes

ChangeSet@1.2476, 2007-03-15 13:08:24+04:00, ramil@ramil.myoffice.izhnet.ru +3 -0
  Merge mysql.com:/home/ram/work/b24558/b24558.5.0
  into  mysql.com:/home/ram/work/b24558/b24558.5.1
  MERGE: 1.1810.2373.143

ChangeSet@1.1810.2373.143, 2007-03-15 12:06:06+04:00, ramil@mysql.com +3 -0
  Fix for bug #24558: Increasing decimal column length causes data loss

  Altering to a decimal field we get double value then store it
  that may cause data loss.
  Fix: use store_decimal() instead.

ChangeSet@1.2475, 2007-03-09 14:39:24+01:00, guilhem@gbichot4.local +1 -0
  Fix for BUG#26971 "BUILD/check-cpu does not recognize Intel Core 2
  Duo T7400". Treat such CPU as Xeon. Here's /proc/cpuinfo for T7400:
  model name      : Intel(R) Core(TM)2 CPU         T7400  @ 2.16GHz
[21 May 2007 13:02] Andrey Hristov 
The problem was still existing in 5.1.17 but cannot be reproduced anymore with 5.1.18 and 5.1.19 . Thus moving to CRP.
[18 Jun 2007 16:18] Paul DuBois 
Noted in 5.1.18 changelog.

During a call to mysql_change_user(), when authentication fails or
the database to change to is unknown, a subsequent call to any
function that does network communication leads to packets out of
order. This problem was introduced in MySQL 5.1.14.