php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70063 Backronym fix breaks mysqlnd connection when configured without SSL
Submitted: 2015-07-13 12:10 UTC Modified: -
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: dominic dot benson at thirdlight dot com Assigned:
Status: Open Package: MySQL related
PHP Version: 5.4.43 OS: Linux
Private report: No CVE-ID: None
 [2015-07-13 12:10 UTC] dominic dot benson at thirdlight dot com
Description:
------------
The 5.4 patch for #69669 (https://bugs.php.net/patch-display.php?bug_id=69669&patch=backronym-5.4&revision=1436080071&display=1) causes a regression in mysqlnd whereby if MYSQLND_SSL_SUPPORTED is not defined, attempting to connect results in a 'Packets out of order' error.

This is because the patch introduces a new #else to the check, which calls PACKET_WRITE.
This affects the MySQL and MySQLi extensions when using mysqlnd.

The attached patch corrects this, and emits an E_WARNING if the CLIENT_SSL flag is set but cannot be honoured, rather than silently squashing it (which seemed rather contrary to the original purpose of the change). FWIW, I would probably advocate simply refusing to connect at all under those circumstances, but that is perhaps a more contentious change.


Test script:
---------------
<?php
mysql_connect();
mysqli_connect();

Expected result:
----------------
(No output)

Actual result:
--------------
PHP Warning:  Packets out of order. Expected 3 received 2. Packet size=22 in - on line 2
PHP Warning:  mysql_connect(): MySQL server has gone away in - on line 2
PHP Warning:  mysql_connect(): MySQL server has gone away in - on line 2
PHP Warning:  Packets out of order. Expected 3 received 2. Packet size=22 in - on line 3
PHP Warning:  mysql_connect(): MySQL server has gone away in - on line 3
PHP Warning:  mysql_connect(): MySQL server has gone away in - on line 3


Patches

mysql-client-ssl-handling-when-disabled.patch (last revision 2015-07-13 12:11 UTC by dominic dot benson at thirdlight dot com)

Pull Requests

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Dec 11 13:01:29 2024 UTC