Bug #92789 MySQL Net connector 8.0.12 sends illegal connect attributes.
Submitted: 16 Oct 2018 4:54 Modified: 22 Oct 2018 12:18
Reporter: Xiangyu Hu Email Updates:
Status: Verified Impact on me:
None 
Category:Connector / NET Severity:S2 (Serious)
Version:8.0.12 OS:Microsoft Windows (Windows 7/10)
Assigned to: CPU Architecture:x86
Tags: Connector;

[16 Oct 2018 4:54] Xiangyu Hu
Description:
MySQL Net connector 8.0.12 is sending a wrong format of mysql login packet.  It would be failed to be parsed by some frontend MySQL proxies, and impact customer connections.

Let's see the Hex and ASCII bytes below and check the "_os_details" attribute. Its value has 0x18 (0n24) bytes long ("Microsoft Windows 7 ......"). The next encoded byte is 0x88 which is obviously out of range.

0000   05 01 00 01 8f a2 1f 00 ff ff ff 00 21 00 00 00  ............!...
0010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0020   00 00 00 00 69 74 5f 64 74 79 40 64 61 74 61 2d  ....it_dty@data-
0030   63 65 6e 74 65 72 2d 64 62 00 14 26 da b1 90 a4  center-db..&....
0040   88 1c 39 3f 97 b9 7d 0b 81 94 47 4d 22 62 38 64  ..9?..}...GM"b8d
0050   61 74 61 5f 63 65 6e 74 65 72 00 6d 79 73 71 6c  ata_center.mysql
0060   5f 6e 61 74 69 76 65 5f 70 61 73 73 77 6f 72 64  _native_password
0070   00 97 0c 5f 63 6c 69 65 6e 74 5f 6e 61 6d 65 13  ..._client_name.
0080   4d 79 53 71 6c 20 43 6f 6e 6e 65 63 74 6f 72 2f  MySql Connector/
0090   4e 45 54 04 5f 70 69 64 04 35 34 33 36 0f 5f 63  NET._pid.5436._c
00a0   6c 69 65 6e 74 5f 76 65 72 73 69 6f 6e 08 38 2e  lient_version.8.
00b0   30 2e 31 32 2e 30 09 5f 70 6c 61 74 66 6f 72 6d  0.12.0._platform
00c0   06 78 38 36 5f 36 34 03 5f 6f 73 05 57 69 6e 36  .x86_64._os.Win6
00d0   34 0b 5f 6f 73 5f 64 65 74 61 69 6c 73 18 4d 69  4._os_details.Mi
00e0   63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20  crosoft Windows 
00f0   37 20 e6 97 97 e8 88 b0 e7 89 88 20 07 5f 74 68  7 ......... ._th
0100   72 65 61 64 04 36 32 31 36                       read.6216

How to repeat:
Write a simple client and reference to MySQL Net connector 8.0.12 and connect to a Microsoft Azure MySQL service, the connection string is not correct. Wireshark discloses that the length-encoded format is broken.
[16 Oct 2018 6:59] Bradley Grainger
The bug is here: https://github.com/mysql/mysql-connector-net/blob/68c54371821c87ff40a773acc127ce357b46a5ae...

Connector/NET computes the length of the C# string (which is in chars, i.e., UTF-16 code units) and then converts the string to UTF-8 for serialization across the wire.

The OP's OS name is “Microsoft Windows 7 旗舰版 ”, which is 24 characters (0x18). But this becomes 30 bytes (0x1E) when encoded in UTF-8, so Connector/NET should have written 0x1C for the size of the length-encoded string, not 0x18.

Since this version of the connector is out in the wild, Microsoft will need to update their Azure proxy to detect “_client_version” = 8.0.12.0, assume the prefix byte is wrong, and perform UTF-8 decoding on client-supplied connection attributes as they're being deserialized. Or just read the prefix byte at the beginning of this block (i.e., 0x97 in this case) and skip the whole thing.
[16 Oct 2018 18:32] Bradley Grainger
Typo in previous comment.

"But this becomes 30 bytes (0x1E) when encoded in UTF-8, so Connector/NET should have written 0x1C for the size of the length-encoded string, not 0x18."

should read

"should have written 0x1E"
[18 Oct 2018 4:06] Xiangyu Hu
Thank you Bradley for your detailed root cause.
Since Connector/Net (always) uses UTF-8 across the wire, can a fix be made to make sure the encoded length be set to its UTF-8 size of each attribute? MySQL's definition on Protocol::LengthEncodedString did not rule's its encoding format but the length should be consistant with its real length of bytes.
[22 Oct 2018 12:18] Umesh Shastry
Thank you Xiangyu, for the report and Bradley Grainger for the details.

regards,
Umesh