Bug #102968 parse_com_change_user_packet missed to skip client_plugin name
Submitted: 15 Mar 2021 5:54 Modified: 16 Mar 2021 15:17
Reporter: andy zhang Email Updates:
Status: Verified Impact on me: None
Category:MySQL Server: Connection Handling Severity:S3 (Non-critical)
Version:5.7 OS:Any
Assigned to: CPU Architecture:Any
Tags: Com_change_user

[15 Mar 2021 5:54] andy zhang
Description:
This is a follow-up defect of https://bugs.mysql.com/bug.php?id=92954.

I found the fix in 5.7 is incomplete. parse_com_change_user_packet() skips the 2-byte character set number but misses skipping the client_plugin name as we do in 8.0.

Here is the 8.0 code snippet:

  if (protocol->has_client_capability(CLIENT_PLUGIN_AUTH)) {
    client_plugin = ptr + 2;
    /*
      ptr needs to be updated to point to correct position so that
      connection attributes are read properly.
    */
    ptr = ptr + 2 + strlen(client_plugin) + 1; // <=== this line of code is missed in 5.7

    if (client_plugin >= end) {
      my_error(ER_UNKNOWN_COM_ERROR, MYF(0));
      return true;
    }
  }

How to repeat:
Issue COM_CHANGE_USER from client with CLIENT_CONNECT_ATTRS capability

Suggested fix:
Add the line to 5.7
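The effect of the missing line, as an added example that is not MySQL's own code: a small parser for the tail of a COM_CHANGE_USER packet (int<2> charset, string<NUL> auth plugin name when CLIENT_PLUGIN_AUTH is set, int<lenenc> connect-attrs length when CLIENT_CONNECT_ATTRS is set), with a switch that reproduces the 5.7 behaviour described above or applies the 8.0 skip. The packet bytes, the struct and the function names are constructed for this example; the capability bit values are the ones from the MySQL client/server protocol.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define CLIENT_PLUGIN_AUTH   (1UL << 19)
#define CLIENT_CONNECT_ATTRS (1UL << 20)

struct change_user_tail {
    uint16_t charset;
    const char *client_plugin;  /* NULL unless CLIENT_PLUGIN_AUTH is set */
    size_t attrs_len;           /* declared length of the connect-attrs blob */
    const uint8_t *attrs;       /* first byte of the key/value data */
};

/* Parse a COM_CHANGE_USER packet from the charset field to the end.
 * skip_plugin_name=false mimics the 5.7 defect from the report; true is the
 * 8.0 behaviour. Returns false on a truncated packet or when the declared
 * attribute length overruns the buffer (out is then only partly filled). */
static bool parse_change_user_tail(const uint8_t *ptr, const uint8_t *end,
                                   unsigned long caps, bool skip_plugin_name,
                                   struct change_user_tail *out)
{
    memset(out, 0, sizeof *out);
    if (end - ptr < 2) return false;
    out->charset = (uint16_t)(ptr[0] | (ptr[1] << 8));  /* int<2>, little endian */
    ptr += 2;
    if (caps & CLIENT_PLUGIN_AUTH) {
        /* string<NUL>; bound the scan so a missing terminator cannot overread */
        const uint8_t *nul = memchr(ptr, 0, (size_t)(end - ptr));
        if (nul == NULL) return false;
        out->client_plugin = (const char *)ptr;
        if (skip_plugin_name) ptr = nul + 1;  /* the line missing in 5.7 */
    }
    if (caps & CLIENT_CONNECT_ATTRS) {
        /* int<lenenc>; only the one-byte form (< 251) is handled here */
        if (ptr >= end || *ptr >= 251) return false;
        out->attrs_len = *ptr++;
        if ((size_t)(end - ptr) < out->attrs_len) return false;
        out->attrs = ptr;
    }
    return true;
}

/* Constructed sample tail: charset 33 (utf8), plugin "mysql_native_password",
 * then an 8-byte attrs blob holding one key/value pair, "foo" -> "bar". */
static const uint8_t SAMPLE_TAIL[] = {
    0x21, 0x00,
    'm','y','s','q','l','_','n','a','t','i','v','e','_','p','a','s','s','w','o','r','d', 0,
    0x08, 0x03,'f','o','o', 0x03,'b','a','r'
};
```

With the skip applied the parser lands on the 0x08 length byte; without it the first byte of the plugin name ('m', 109) is read as the attribute length, so the connect attributes are misread and the packet is rejected.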
[16 Mar 2021 13:21] MySQL Verification Team
Hi Mr. zhang,

Thank you for your report.

We shall have to double check this .....
[16 Mar 2021 15:17] MySQL Verification Team
Hi,

This bug is verified now ......