Bug #34788 malformed federated connection url is not handled correctly - crashes server !
Submitted: 24 Feb 2008 13:23 Modified: 2 Apr 2008 20:36
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: Federated storage engine Severity: S1 (Critical)
Version: 5.0.56, 5.1.23 OS: Any
Assigned to: Sergey Vojtovich CPU Architecture: Any
Tags: GIGO
Triage: D1 (Critical)

[24 Feb 2008 13:23] Shane Bester
Description:
mysqld-release.exe!parse_url
mysqld-release.exe!ha_federated::create
mysqld-release.exe!ha_create_table
mysqld-release.exe!rea_create_table
mysqld-release.exe!mysql_create_table_no_lock
mysqld-release.exe!mysql_create_table
mysqld-release.exe!mysql_execute_command
mysqld-release.exe!mysql_parse
mysqld-release.exe!dispatch_command
mysqld-release.exe!do_command
mysqld-release.exe!handle_one_connection
mysqld-release.exe!pthread_start
mysqld-release.exe!_callthreadstart
mysqld-release.exe!_threadstart
kernel32.dll!BaseThreadStart

How to repeat:
drop temporary table if exists `t0`;
create temporary table `t0`(`a` int)engine=federated connection='mysql://@:://';

Suggested fix:
parse_url should be more robust and be able to graciously handle anything.
[24 Feb 2008 13:34] Valeriy Kravchuk
Thank you for a bug report. Verified just as described.
[20 Mar 2008 12:54] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/44281

ChangeSet@1.2599, 2008-03-20 16:50:05+04:00, svoj@mysql.com +3 -0
  BUG#34788 - malformed federated connection url is not handled
              correctly - crashes server !
  
  Createing federated table with connect string containing empty
  (zero-length) host name and port is evaluated as 0 (port is
  incorrect, omitted or 0) crashes server.
  
  This happens because federated calls strcmp() with NULL pointer.
  
  Fixed by avoiding strcmp() call if hostname is set to NULL.
[20 Mar 2008 14:21] Alexander Barkov
http://lists.mysql.com/commits/44281 is ok to push
[20 Mar 2008 14:46] Ingo Strüwing
Ok to push. But "Createing" is correctly spelled "Creating" IMHO.
[20 Mar 2008 15:12] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/44292

ChangeSet@1.2599, 2008-03-20 19:07:17+04:00, svoj@mysql.com +3 -0
  BUG#34788 - malformed federated connection url is not handled
              correctly - crashes server !
  
  Creating federated table with connect string containing empty
  (zero-length) host name and port is evaluated as 0 (port is
  incorrect, omitted or 0) crashes server.
  
  This happens because federated calls strcmp() with NULL pointer.
  
  Fixed by avoiding strcmp() call if hostname is set to NULL.
[27 Mar 2008 11:18] Bugs System
Pushed into 5.1.24-rc
[27 Mar 2008 11:21] Bugs System
Pushed into 5.0.60
[27 Mar 2008 17:50] Bugs System
Pushed into 6.0.5-alpha
[2 Apr 2008 20:36] Jon Stephens
Documented in the 5.0.60, 5.1.23-ndb-6.3.11, 5.1.24, and 6.0.5 changelogs as follows:

        A malformed URL used for a FEDERATED table's CONNECTION option value in a 
        CREATE TABLE statement was not handled correctly and could crash the 
        server.
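
The failure mode named in the commit message (a zero-length host name recorded as NULL, a port that evaluates to 0, then strcmp() reached with the NULL pointer), as an added C example that is not MySQL's code or the committed patch. The function `transport_for`, its return codes, the default port 3306 and the fallback to the local socket when the host is missing are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_PORT 3306   /* assumed default TCP port for this example */
#define USE_SOCKET   0      /* return value: connect over the local socket */
#define BAD_URL     (-1)    /* return value: a required separator is missing */

/* Hypothetical helper: decide how to reach the server named in
   "scheme://user[:password]@host[:port]/database/table".
   Returns BAD_URL, USE_SOCKET, or the TCP port to connect to. */
int transport_for(const char *url)
{
    char buf[256];
    char *host, *slash, *colon;
    int port = 0;

    if (strlen(url) >= sizeof buf)
        return BAD_URL;
    strcpy(buf, url);                       /* parse a private, writable copy */
    if (!(host = strstr(buf, "://")) || !(host = strchr(host + 3, '@')))
        return BAD_URL;
    host++;                                 /* first byte after '@' */
    if (!(slash = strchr(host, '/')))
        return BAD_URL;
    *slash = '\0';                          /* cut off "/database/table" */
    if ((colon = strchr(host, ':'))) {
        *colon = '\0';
        port = atoi(colon + 1);             /* "", ":" or junk evaluates to 0 */
        if (port < 0 || port > 65535) port = 0;
    }
    if (host[0] == '\0')
        host = NULL;                        /* zero-length host name -> NULL */
    if (port != 0)
        return port;
    /* Port unknown, so the host decides. Test for NULL before strcmp():
       strcmp(NULL, ...) is undefined behaviour, the crash described above. */
    if (host == NULL || strcmp(host, "localhost") == 0)
        return USE_SOCKET;
    return DEFAULT_PORT;
}

int main(void)
{
    /* First URL is the one from the bug report; the others are constructed. */
    const char *urls[] = { "mysql://@:://", "mysql://u@localhost/db/t",
                           "mysql://u:p@db.example:3307/db/t", "mysql://nohost" };
    for (size_t i = 0; i < sizeof urls / sizeof urls[0]; i++)
        printf("%-34s -> %d\n", urls[i], transport_for(urls[i]));
    return 0;
}
```

Removing the `host == NULL ||` test reproduces the class of defect on the report's URL, which parses to an empty host and a port of 0.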