Description:
A nullbyte in a string truncates that string and the remainder of the string is ignored.
Declaring something BINARY does not change a thing.
Declaring something BLOB does not change a thing. Our BLOBs aren't binary objects at all.
How to repeat:
root@localhost [world]> select version();
+----------------+
| version() |
+----------------+
| 5.0.18-max-log |
+----------------+
1 row in set (0.00 sec)
root@localhost [world]> select "aha\0b";
+-------+
| aha |
+-------+
| aha |
+-------+
1 row in set (0.00 sec)
root@localhost [world]> create table demo ( id serial, d varchar(20) not null );
Query OK, 0 rows affected (0.01 sec)
root@localhost [world]> insert into demo ( d ) values ( concat("a", "\0", "b") );
Query OK, 1 row affected (0.00 sec)
root@localhost [world]> select * from demo;
+----+-----+
| id | d |
+----+-----+
| 1 | a |
+----+-----+
1 row in set (0.00 sec)
root@localhost [world]> drop table demo;
Query OK, 0 rows affected (0.00 sec)
root@localhost [world]> create table demo ( id serial, d varchar(20) binary not null );
Query OK, 0 rows affected (0.00 sec)
root@localhost [world]> insert into demo ( d ) values ( concat("a", "\0", "b") );
Query OK, 1 row affected (0.00 sec)
root@localhost [world]> select * from demo;
+----+-----+
| id | d |
+----+-----+
| 1 | a |
+----+-----+
1 row in set (0.00 sec)
root@localhost [world]> drop table demo;
Query OK, 0 rows affected (0.00 sec)
root@localhost [world]> create table demo ( id serial, d blob );
Query OK, 0 rows affected (0.00 sec)
root@localhost [world]> insert into demo ( d ) values ( concat("a", "\0", "b") );
Query OK, 1 row affected (0.00 sec)
root@localhost [world]> select * from demo;
+----+------+
| id | d |
+----+------+
| 1 | a |
+----+------+
1 row in set (0.00 sec)
root@localhost [world]> drop table demo;
Query OK, 0 rows affected (0.00 sec)
Suggested fix:
Varchar have length bytes. They should be completely 8 bit clean and not use Nullbytes as terminators anywhere.
Description: A nullbyte in a string truncates that string and the remainder of the string is ignored. Declaring something BINARY does not change a thing. Declaring something BLOB does not change a thing. Our BLOBs aren't binary objects at all. How to repeat: root@localhost [world]> select version(); +----------------+ | version() | +----------------+ | 5.0.18-max-log | +----------------+ 1 row in set (0.00 sec) root@localhost [world]> select "aha\0b"; +-------+ | aha | +-------+ | aha | +-------+ 1 row in set (0.00 sec) root@localhost [world]> create table demo ( id serial, d varchar(20) not null ); Query OK, 0 rows affected (0.01 sec) root@localhost [world]> insert into demo ( d ) values ( concat("a", "\0", "b") ); Query OK, 1 row affected (0.00 sec) root@localhost [world]> select * from demo; +----+-----+ | id | d | +----+-----+ | 1 | a | +----+-----+ 1 row in set (0.00 sec) root@localhost [world]> drop table demo; Query OK, 0 rows affected (0.00 sec) root@localhost [world]> create table demo ( id serial, d varchar(20) binary not null ); Query OK, 0 rows affected (0.00 sec) root@localhost [world]> insert into demo ( d ) values ( concat("a", "\0", "b") ); Query OK, 1 row affected (0.00 sec) root@localhost [world]> select * from demo; +----+-----+ | id | d | +----+-----+ | 1 | a | +----+-----+ 1 row in set (0.00 sec) root@localhost [world]> drop table demo; Query OK, 0 rows affected (0.00 sec) root@localhost [world]> create table demo ( id serial, d blob ); Query OK, 0 rows affected (0.00 sec) root@localhost [world]> insert into demo ( d ) values ( concat("a", "\0", "b") ); Query OK, 1 row affected (0.00 sec) root@localhost [world]> select * from demo; +----+------+ | id | d | +----+------+ | 1 | a | +----+------+ 1 row in set (0.00 sec) root@localhost [world]> drop table demo; Query OK, 0 rows affected (0.00 sec) Suggested fix: Varchar have length bytes. They should be completely 8 bit clean and not use Nullbytes as terminators anywhere.