Bug #111797 Certain sequence of special characters can break connection string validation.
Submitted: 18 Jul 2023 18:44
Modified: 24 Nov 2023 7:26
Reporter: Christopher Bahr
Status: Verified
Category: Connector / NET
Severity: S2 (Serious)
Version: 8.2.0
OS: Any
Assigned to:
CPU Architecture: Any

[18 Jul 2023 18:44] Christopher Bahr
Description:
The MySqlConnectionStringBuilder class allows you to create connection strings even with reserved characters like ; - ,. However, if constructed in the right sequence, there is a validation step that throws exceptions.

The bug is in the AnalyzeConnectionString function, which tries to make sure you aren't using certain combinations of options. https://github.com/mysql/mysql-connector-net/blob/8.0/MySQL.Data/src/MySqlBaseConnectionSt...

If you pass in a connection string with a password like foo;=bar,baz it will throw an exception during the string replacement on line 472 because the first argument to String.Replace is an empty string, which is illegal.

The connection string is legal; this is not a case that the AnalyzeConnectionString is trying to prevent, just an inadvertent bug that can happen with strange passwords.

How to repeat:
The following code will reproduce the bug:

var builder = new MySqlConnectionStringBuilder
{
	Server = "localhost",
	UserID = "root",
	Password = "foo;=bar,baz",
	Port = 3306,
	Database = "db",
};
var connection = new MySqlConnection(builder.ToString());

Suggested fix:
The code only uses the output of the string replacement in the case that the connection string has "dns-srv=true" and the parameter being processed is the "server" or "protocol" parameter. Either the value field could just not be computed unless the analysis is processing one of those parameters, or a simple check before line 472 would work:

if(keyword == string.Empty)
    continue;
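
The failure mode described in the report, as an added example (not part of the original report and not the connector's code): a simplified analyzer, assumed here, that splits on ';' and '=' without honouring quotes, shown without the guard, with the suggested guard, and beside quote-aware parsing via System.Data.Common.DbConnectionStringBuilder. The names SplitDemo, NaiveAnalyze and guardEmptyKeyword are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;

static class SplitDemo
{
    // Hypothetical, simplified stand-in for a validation pass that splits on
    // ';' and '=' without honouring quotes. Not the connector's actual code.
    static Dictionary<string, string> NaiveAnalyze(string connectionString, bool guardEmptyKeyword)
    {
        var seen = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        var segments = connectionString.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (string segment in segments)
        {
            string keyword = segment.Split('=')[0];
            if (guardEmptyKeyword && keyword == string.Empty)
                continue; // the check suggested in the report

            // String.Replace throws ArgumentException when oldValue is "".
            string value = segment.Replace(keyword, "").TrimStart('=');
            seen[keyword.Trim()] = value;
        }
        return seen;
    }

    static void Main()
    {
        // Constructed input, based on the minimal repro in the thread.
        const string cs = "server=localhost;password=\"foo;=bar,baz\"";

        try
        {
            NaiveAnalyze(cs, guardEmptyKeyword: false);
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("unguarded: " + ex.GetType().Name);
        }

        // With the guard the pass completes, but the split is still not
        // quote-aware: the password it sees is cut at the first ';'.
        var guarded = NaiveAnalyze(cs, guardEmptyKeyword: true);
        Console.WriteLine("guarded password: " + guarded["password"]);

        // Quote-aware parsing from the BCL keeps the quoted value whole.
        var parsed = new DbConnectionStringBuilder { ConnectionString = cs };
        Console.WriteLine("quote-aware password: " + parsed["password"]);
    }
}
```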

[10 Oct 2023 12:01] MySQL Verification Team
Hello Christopher,

Thank you for the bug report.
May I request you to please provide a complete test case (C# class) to reproduce this issue at our end?

Regards,
Ashwini Patil

[2 Nov 2023 19:15] Bradley Grainger
Christopher provided code to reproduce in his initial bug report:

var builder = new MySqlConnectionStringBuilder
{
	Server = "localhost",
	UserID = "root",
	Password = "foo;=bar,baz",
	Port = 3306,
	Database = "db",
};
var connection = new MySqlConnection(builder.ToString());

A minimal repro is:

new MySqlConnection("password=\"foo;=bar,baz\"");

[11 Nov 2023 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[13 Nov 2023 18:22] Christopher Bahr
As Bradley Grainger pointed out (thanks Bradley!), I provided code that reproduces in the initial report.

If it needs to be a whole self-contained class then this should work.

public class Bug
{
    public void Test()
    {
        new MySql.Data.MySqlClient.MySqlConnection("password=\"foo;=bar,baz\"");
    }
}

[24 Nov 2023 7:26] MySQL Verification Team
Thank you Bradley, Christopher.