php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #70063 Backronym fix breaks mysqlnd connection when configured without SSL
Submitted: 2015-07-13 12:10 UTC Modified: -
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: dominic dot benson at thirdlight dot com Assigned:
Status: Open Package: MySQL related
PHP Version: 5.4.43 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dominic dot benson at thirdlight dot com
New email:
PHP Version: OS:

 

 [2015-07-13 12:10 UTC] dominic dot benson at thirdlight dot com 
Description:
------------
The 5.4 patch for #69669 (https://bugs.php.net/patch-display.php?bug_id=69669&patch=backronym-5.4&revision=1436080071&display=1) causes a regression in mysqlnd whereby if MYSQLND_SSL_SUPPORTED is not defined, attempting to connect results in a 'Packets out of order' error.

This is because the patch introduces a new #else to the check, which calls PACKET_WRITE.
This affects the MySQL and MySQLi extensions when using mysqlnd.

The attached patch corrects this, and emits an E_WARNING if the CLIENT_SSL flag is set but cannot be honoured, rather than silently squashing it (which seemed rather contrary to the original purpose of the change). FWIW, I would probably advocate simply refusing to connect at all under those circumstances, but that is perhaps a more contentious change.


Test script:
---------------
<?php
mysql_connect();
mysqli_connect();

Expected result:
----------------
(No output)

Actual result:
--------------
PHP Warning:  Packets out of order. Expected 3 received 2. Packet size=22 in - on line 2
PHP Warning:  mysql_connect(): MySQL server has gone away in - on line 2
PHP Warning:  mysql_connect(): MySQL server has gone away in - on line 2
PHP Warning:  Packets out of order. Expected 3 received 2. Packet size=22 in - on line 3
PHP Warning:  mysql_connect(): MySQL server has gone away in - on line 3
PHP Warning:  mysql_connect(): MySQL server has gone away in - on line 3

Patches

mysql-client-ssl-handling-when-disabled.patch (last revision 2015-07-13 12:11 UTC by dominic dot benson at thirdlight dot com)

Pull Requests
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 18:01:29 2024 UTC