This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit 20f3fa1

committedAug 17, 2023
rlm_sql_mysql: Check validity of conn
If conn's magic number is still good, then there's an extremely high chance conn->sock != NULL. Closes #5144
1 parent d4dd6f9 commit 20f3fa1


1 file changed

+18
-32
lines changed


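--- a/src/modules/rlm_sql/drivers/rlm_sql_mysql/rlm_sql_mysql.c
+++ b/src/modules/rlm_sql/drivers/rlm_sql_mysql/rlm_sql_mysql.c
@@ -38,7 +38,7 @@ RCSID("$Id$")
 #ifdef HAVE_MYSQL_MYSQL_H
 # include <mysql/errmsg.h>
 DIAG_OFF(strict-prototypes) /* Seen with homebrew mysql client 5.7.13 */
-# include <mysql.h>
+# include <mysql/mysql.h>
 DIAG_ON(strict-prototypes)
 # include <mysql/mysqld_error.h>
 #elif defined(HAVE_MYSQL_H)
@@ -160,8 +160,9 @@ static int _sql_socket_destructor(rlm_sql_mysql_conn_t *conn)
 {
 DEBUG2("Socket destructor called, closing socket");
 
-if (conn->sock){
+if (conn->sock) {
 mysql_close(conn->sock);
+conn->sock = NULL;
 }
 
 return 0;
@@ -419,20 +420,13 @@ static sql_rcode_t sql_check_error(MYSQL *server, int client_errno)
 
 static sql_rcode_t sql_query(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t const *config, char const *query)
 {
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 sql_rcode_t rcode;
 char const *info;
 
-if (!conn->sock) {
-ERROR("Socket not connected");
-return RLM_SQL_RECONNECT;
-}
-
 mysql_query(conn->sock, query);
 rcode = sql_check_error(conn->sock, 0);
-if (rcode != RLM_SQL_OK) {
-return rcode;
-}
+if (rcode != RLM_SQL_OK) return rcode;
 
 /* Only returns non-null string for INSERTS */
 info = mysql_info(conn->sock);
@@ -443,15 +437,10 @@ static sql_rcode_t sql_query(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t c
 
 static sql_rcode_t sql_store_result(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t const *config)
 {
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 sql_rcode_t rcode;
 int ret;
 
-if (!conn->sock) {
-ERROR("Socket not connected");
-return RLM_SQL_RECONNECT;
-}
-
 retry_store_result:
 conn->result = mysql_store_result(conn->sock);
 if (!conn->result) {
@@ -471,8 +460,8 @@ static sql_rcode_t sql_store_result(rlm_sql_handle_t *handle, UNUSED rlm_sql_con
 
 static int sql_num_fields(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t const *config)
 {
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 int num = 0;
-rlm_sql_mysql_conn_t *conn = handle->conn;
 
 #if MYSQL_VERSION_ID >= 32224
 /*
@@ -514,18 +503,16 @@ static sql_rcode_t sql_select_query(rlm_sql_handle_t *handle, rlm_sql_config_t c
 
 static int sql_num_rows(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t const *config)
 {
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 
-if (conn->result) {
-return mysql_num_rows(conn->result);
-}
+if (conn->result) return mysql_num_rows(conn->result);
 
 return 0;
 }
 
 static sql_rcode_t sql_fields(char const **out[], rlm_sql_handle_t *handle, rlm_sql_config_t const *config)
 {
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 
 unsigned int fields, i;
 MYSQL_FIELD *field_info;
@@ -556,7 +543,7 @@ static sql_rcode_t sql_fields(char const **out[], rlm_sql_handle_t *handle, rlm_
 
 static sql_rcode_t sql_fetch_row(rlm_sql_row_t *out, rlm_sql_handle_t *handle, rlm_sql_config_t const *config)
 {
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 sql_rcode_t rcode;
 MYSQL_ROW row;
 int ret;
@@ -608,7 +595,7 @@ static sql_rcode_t sql_fetch_row(rlm_sql_row_t *out, rlm_sql_handle_t *handle, r
 
 static sql_rcode_t sql_free_result(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t const *config)
 {
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 
 if (conn->result) {
 mysql_free_result(conn->result);
@@ -639,7 +626,7 @@ static sql_rcode_t sql_free_result(rlm_sql_handle_t *handle, UNUSED rlm_sql_conf
 static size_t sql_warnings(TALLOC_CTX *ctx, sql_log_entry_t out[], size_t outlen,
 rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t const *config)
 {
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 
 MYSQL_RES *result;
 MYSQL_ROW row;
@@ -705,11 +692,10 @@ static size_t sql_error(TALLOC_CTX *ctx, sql_log_entry_t out[], size_t outlen,
 rlm_sql_handle_t *handle, rlm_sql_config_t const *config)
 {
 rlm_sql_mysql_t *inst = talloc_get_type_abort(handle->inst->driver_submodule->dl_inst->data, rlm_sql_mysql_t);
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 char const *error;
 size_t i = 0;
 
-fr_assert(conn && conn->sock);
 fr_assert(outlen > 0);
 
 error = mysql_error(conn->sock);
@@ -719,7 +705,7 @@ static size_t sql_error(TALLOC_CTX *ctx, sql_log_entry_t out[], size_t outlen,
 */
 if (error && (error[0] != '\0')) {
 error = talloc_typed_asprintf(ctx, "ERROR %u (%s): %s", mysql_errno(conn->sock), error,
-mysql_sqlstate(conn->sock));
+mysql_sqlstate(conn->sock));
 }
 
 /*
@@ -774,7 +760,7 @@ static size_t sql_error(TALLOC_CTX *ctx, sql_log_entry_t out[], size_t outlen,
 static sql_rcode_t sql_finish_query(rlm_sql_handle_t *handle, rlm_sql_config_t const *config)
 {
 #if (MYSQL_VERSION_ID >= 40100)
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 int ret;
 MYSQL_RES *result;
 
@@ -819,7 +805,7 @@ static sql_rcode_t sql_finish_query(rlm_sql_handle_t *handle, rlm_sql_config_t c
 
 static int sql_affected_rows(rlm_sql_handle_t *handle, UNUSED rlm_sql_config_t const *config)
 {
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 
 return mysql_affected_rows(conn->sock);
 }
@@ -828,7 +814,7 @@ static size_t sql_escape_func(UNUSED request_t *request, char *out, size_t outle
 {
 size_t inlen;
 rlm_sql_handle_t *handle = talloc_get_type_abort(arg, rlm_sql_handle_t);
-rlm_sql_mysql_conn_t *conn = handle->conn;
+rlm_sql_mysql_conn_t *conn = talloc_get_type_abort(handle->conn,rlm_sql_mysql_conn_t);
 
 /* Check for potential buffer overflow */
 inlen = strlen(in);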
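Review bot: talloc_get_type_abort() in sql_query and sql_store_result validates only the talloc type of `handle->conn`; it does not establish that `conn->sock` is non-NULL, yet the commit drops the `if (!conn->sock)` guards in both functions and the `fr_assert(conn && conn->sock)` in sql_error. If a live connection can ever carry a NULL socket (presumably after a failed or partial connect, which is outside this diff), the previous `RLM_SQL_RECONNECT` recovery turns into a NULL handle passed to `mysql_query()` / `mysql_store_result()`, which is more likely to crash the server than to trigger a reconnect. I would keep a one-line guard after the type check, `if (!conn->sock) return RLM_SQL_RECONNECT;`, and retain `fr_assert(conn->sock);` in sql_error so the assumption stays checked in debug builds. The bodies of sql_query, sql_store_result and sql_error continue outside the visible hunks, so this should be confirmed against the connection-init path.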
