Bug #81139 Missing break statement in mysql_read_default_options()
Submitted: 19 Apr 2016 11:46 Modified: 27 Apr 2016 13:29
Reporter: Georgi Kodinov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: C API (client library) Severity:S3 (Non-critical)
Version:5.7.11 OS:Any
Assigned to: CPU Architecture:Any

[19 Apr 2016 11:46] Georgi Kodinov
Description:
https://github.com/mysql/mysql-server/blob/5.7/sql-common/client.c#L1874

has a missing break statement (before the OPT_tls_version):

	case OPT_ssl_capath:
	  my_free(options->ssl_capath);
          options->ssl_capath = my_strdup(key_memory_mysql_options,
                                          opt_arg, MYF(MY_WME));
          break;
        case OPT_ssl_cipher:
          my_free(options->ssl_cipher);
          options->ssl_cipher= my_strdup(key_memory_mysql_options,
                                         opt_arg, MYF(MY_WME));
        case OPT_tls_version:
          EXTENSION_SET_SSL_STRING(options, tls_version, opt_arg, SSL_MODE_PREFERRED);
          break;

How to repeat:
Look at the code.

Suggested fix:
Add the break statement
[27 Apr 2016 13:29] Paul DuBois
Posted by developer:
 
Noted in 5.7.13 changelog.

The mysql_read_defaults_options() function was missing a break
statement, causing any option value for the --ssl-cipher option also
to be applied to the --tls-version option, with unpredictable
results.