Bug #36640 proxy_lua_read_handshake return value handling makes mysql-proxy 0.6.1 crash
Submitted: 10 May 2008 5:39    Modified: 25 May 2008 10:58
Reporter: David Mobe
Status: Duplicate
Category: MySQL Proxy: Core    Severity: S2 (Serious)
Version: 0.6.1    OS: Linux (AS 4 update 2)
Assigned to:    CPU Architecture: Any
Tags: Contribution, read_handshake

[10 May 2008 5:39] David Mobe
Description:
see mysql-proxy-0.6.1\src\network-mysqld-proxy.c, lines 2439 to 2453:
switch (proxy_lua_read_handshake(con)) {
	case PROXY_NO_DECISION:
		break;
	case PROXY_SEND_QUERY:
		/* the client overwrote and wants to send its own packet
		 * it is already in the queue */

		recv_sock->packet_len = PACKET_LEN_UNSET;
		g_queue_delete_link(recv_sock->recv_queue->chunks, chunk);

		return RET_ERROR;
	default:
		g_error("%s.%d: ...", __FILE__, __LINE__);
		break;
	}
but see the code of the function "proxy_lua_read_handshake": its return value is forced to either PROXY_NO_DECISION or PROXY_SEND_RESULT, so when we write a Lua script that hooks the function "read_handshake" and does something like this:
function read_handshake(auth)
        -- reject every client that is not connecting from loopback; the dots
        -- are escaped so the pattern matches the literal address, not any byte
        if not auth.client_addr:match("^127%.0%.0%.1:") then
                proxy.response.type = proxy.MYSQLD_PACKET_ERR
                proxy.response.errmsg = "only local connects are allowed"
                return proxy.PROXY_SEND_RESULT
        end
end
when this script reaches "return proxy.PROXY_SEND_RESULT", it makes the proxy process crash immediately.

How to repeat:
as in Description.

Suggested fix:
I recommend fixing the code of mysql-proxy-0.6.1\src\network-mysqld-proxy.c from line 2439 to 2453 like this:
switch (proxy_lua_read_handshake(con)) {
	case PROXY_NO_DECISION:
		break;
	case PROXY_SEND_RESULT:
		/* the client overwrote and wants to send its own packet
		 * it is already in the queue */

		recv_sock->packet_len = PACKET_LEN_UNSET;
		g_queue_delete_link(recv_sock->recv_queue->chunks, chunk);

		return RET_ERROR;
	default:
		/* g_error() is fatal in glib and would abort the whole proxy before
		 * the cleanup below runs; g_critical() logs the bad value and lets
		 * us fail only this connection */
		g_critical("proxy_lua_read_handshake return value invalid in %s.%d", __FILE__, __LINE__);

		recv_sock->packet_len = PACKET_LEN_UNSET;
		g_queue_delete_link(recv_sock->recv_queue->chunks, chunk);

		return RET_ERROR;
	}
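To make the control flow concrete, here is a small constructed C model of the dispatcher before and after the suggested fix, with a stub standing in for the Lua hook. This is an added example, not mysql-proxy code; the numeric values of the decision enum, the outcome enum, and the names lua_read_handshake, decide_buggy, decide_fixed and accept_client are assumptions made for this model, and the client addresses are constructed. Because the page's hook answers PROXY_SEND_RESULT for every client that is not on 127.0.0.1, any remote client that connects reaches the default: branch of the 0.6.1 switch, and g_error() takes down the whole proxy rather than just that connection.

```c
#include <stdio.h>
#include <string.h>

/* Decision values a read_handshake hook can hand back to the C dispatcher.
 * The names follow the bug report; the numeric values are assumed for this model. */
typedef enum {
    PROXY_NO_DECISION = 0,
    PROXY_SEND_RESULT = 1,
    PROXY_SEND_QUERY  = 2
} proxy_decision_t;

/* What the dispatcher ends up doing with a decision (constructed for this example). */
typedef enum {
    HANDSHAKE_FORWARDED = 0, /* the server's handshake passes through to the client */
    HANDSHAKE_REJECTED  = 1, /* the script's own packet goes out; only this connection ends */
    HANDSHAKE_ABORTED   = 2  /* g_error(): the whole proxy process dies */
} handshake_outcome_t;

/* Stand-in for proxy_lua_read_handshake() running the page's Lua hook:
 * clients not on loopback get an ERR packet, so the hook answers PROXY_SEND_RESULT. */
proxy_decision_t lua_read_handshake(const char *client_addr) {
    if (strncmp(client_addr, "127.0.0.1:", 10) != 0)
        return PROXY_SEND_RESULT;
    return PROXY_NO_DECISION;
}

/* The 0.6.1 switch: its only non-default case is PROXY_SEND_QUERY, a value the
 * hook never produces, so every scripted rejection lands in g_error(). */
handshake_outcome_t decide_buggy(proxy_decision_t d) {
    switch (d) {
    case PROXY_NO_DECISION:
        return HANDSHAKE_FORWARDED;
    case PROXY_SEND_QUERY:
        return HANDSHAKE_REJECTED;
    default:
        fputs("g_error(): unexpected decision, proxy aborts\n", stderr);
        return HANDSHAKE_ABORTED; /* the real g_error() never returns: it calls abort() */
    }
}

/* The fix from the report: match the value the hook actually returns, and make
 * the unexpected-value branch log and fail the connection, not the process. */
handshake_outcome_t decide_fixed(proxy_decision_t d) {
    switch (d) {
    case PROXY_NO_DECISION:
        return HANDSHAKE_FORWARDED;
    case PROXY_SEND_RESULT:
        return HANDSHAKE_REJECTED;
    default:
        fprintf(stderr, "g_critical(): read_handshake returned invalid decision %d\n", (int)d);
        return HANDSHAKE_REJECTED;
    }
}

/* One client connection through the dispatcher, before (fixed=0) or after (fixed=1) the fix. */
handshake_outcome_t accept_client(const char *client_addr, int fixed) {
    proxy_decision_t d = lua_read_handshake(client_addr);
    return fixed ? decide_fixed(d) : decide_buggy(d);
}

int main(void) {
    /* Constructed client addresses: one loopback, one remote. */
    const char *local  = "127.0.0.1:51234";
    const char *remote = "10.0.0.7:51234";
    printf("buggy, local : %d\n", accept_client(local, 0));  /* 0: forwarded */
    printf("buggy, remote: %d\n", accept_client(remote, 0)); /* 2: aborted, any remote connect kills the proxy */
    printf("fixed, remote: %d\n", accept_client(remote, 1)); /* 1: rejected with the script's ERR packet */
    return 0;
}
```

It builds with a plain cc invocation and does not need glib. One thing worth knowing when reviewing switches like this: a default: label silences gcc's -Wswitch, which would otherwise have reported the missing PROXY_SEND_RESULT case at compile time; -Wswitch-enum still warns even with a default: present, which is the setting to use when the enum is the contract between a scripting hook and the C side.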
[11 May 2008 5:40] Sveta Smirnova
Please do not submit the same bug more than once. An existing bug report already describes this very problem. Even if you feel that your issue is somewhat different, the resolution is likely to be the same. Because of this, we hope you add your comments to the original bug instead.

Thank you for your interest in MySQL.

Duplicate of bug #33868
[25 May 2008 10:58] David Mobe
I just overlooked the earlier bug report, and I'll copy the fix to the old report.