Bug #97091 COM_RESET_CONNECTION does not respect CLIENT_INTERACTIVE
Submitted: 2 Oct 2019 20:56
Modified: 7 Nov 2019 1:47
Reporter: Jason Rahman
Status: Verified
Category: MySQL Server: Security: Privileges
Severity: S2 (Serious)
Version: 5.7+
OS: Any
Assigned to:
CPU Architecture: Any

[2 Oct 2019 20:56] Jason Rahman
Description:
If a connection is established with the CLIENT_INTERACTIVE flag set, COM_RESET_CONNECTION fails to set wait_timeout to interactive_timeout. This violates the expectation that CLIENT_INTERACTIVE instructs MySQL to set wait_timeout = interactive_timeout following COM_RESET_CONNECTION. Clients expecting the connection to be kept alive for interactive_timeout seconds instead experience errors rather than having a live and healthy connection to use following execution of COM_RESET_CONNECTION and then waiting less than interactive_timeout seconds.

How to repeat:
1. Open a connection to MySQL with the CLIENT_INTERACTIVE flag set
2. Execute 'SELECT @@session.wait_timeout;' to see that wait_timeout has been overridden with the value of interactive_timeout as expected
3. Execute COM_RESET_CONNECTION
4. Execute 'SELECT @@session.wait_timeout;' to see that wait_timeout is no longer reset to interactive_timeout as expected

Suggested fix:
Update the implementation of COM_RESET_CONNECTION to set wait_timeout = interactive_timeout if CLIENT_INTERACTIVE is set in the client capabilities negotiated on the original handshake.

[3 Oct 2019 11:44] MySQL Verification Team
Hi Mr. Rahman,

Thank you for your bug report.

I have analysed the code which is described in your first comment and I conclude that you are correct.

Would it be difficult for you to share your patch with us? You can use the "Files" tab to upload it.

Verified as reported.
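
The "How to repeat" steps from the report can be scripted as a regression check. The following is an added example, not code from the reporter or from MySQL: it assumes a connection object exposing `cursor()` and `cmd_reset_connection()` (as mysql-connector-python connections do) that was opened with CLIENT_INTERACTIVE, and `StubConn` is a constructed stand-in so the check runs without a server.

```python
# Added example: scripted form of the report's repro steps.
# Assumption: cnx offers cursor() and cmd_reset_connection().

def _var(cnx, scope, name):
    """Read one system variable, e.g. @@session.wait_timeout, as an int."""
    cur = cnx.cursor()
    try:
        cur.execute("SELECT @@%s.%s" % (scope, name))
        return int(cur.fetchone()[0])
    finally:
        cur.close()

def check_reset(cnx):
    g_wait = _var(cnx, "global", "wait_timeout")
    g_int = _var(cnx, "global", "interactive_timeout")
    if g_wait == g_int:
        return "inconclusive"      # equal timeouts: the reset cannot be observed
    if _var(cnx, "session", "wait_timeout") != g_int:
        return "not-interactive"   # step 2 failed: flag was not in effect
    cnx.cmd_reset_connection()     # step 3: sends COM_RESET_CONNECTION
    after = _var(cnx, "session", "wait_timeout")  # step 4
    return "ok" if after == g_int else "affected"

class StubConn:
    """Constructed model of an interactive session; not MySQL server code."""
    def __init__(self, g_wait, g_int, honours_flag):
        self.vars = {"global.wait_timeout": g_wait,
                     "global.interactive_timeout": g_int,
                     "session.wait_timeout": g_int}  # set at connect time
        self.honours_flag = honours_flag
        self._row = None
    def cursor(self):
        return self
    def execute(self, sql):
        self._row = (self.vars[sql.split("@@", 1)[1]],)
    def fetchone(self):
        return self._row
    def close(self):
        pass
    def cmd_reset_connection(self):
        # Reported behaviour: reset falls back to the global wait_timeout.
        key = "interactive_timeout" if self.honours_flag else "wait_timeout"
        self.vars["session.wait_timeout"] = self.vars["global." + key]

if __name__ == "__main__":
    print(check_reset(StubConn(60, 3600, honours_flag=False)))
    print(check_reset(StubConn(60, 3600, honours_flag=True)))
```

With the server defaults, where wait_timeout and interactive_timeout are equal, the check reports "inconclusive"; set the two global values apart before running it against a real server.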