From 7aee4878474e32b96fb6d7a2ebbc6e400403cdec Mon Sep 17 00:00:00 2001 From: Richard Wilkes Date: Tue, 22 May 2018 09:21:55 -0700 Subject: [PATCH 1/5] Fix 'panic: runtime error: slice bounds out of range' --- packets.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packets.go b/packets.go index 6775d2860..2ffea41dd 100644 --- a/packets.go +++ b/packets.go @@ -226,7 +226,9 @@ func (mc *mysqlConn) readInitPacket() ([]byte, string, error) { // which seems to work but technically could have a hidden bug. cipher = append(cipher, data[pos:pos+12]...) pos += 13 - pluginName = string(data[pos : pos+bytes.IndexByte(data[pos:], 0x00)]) + if end := bytes.IndexByte(data[pos:], 0x00); end != -1 { + pluginName = string(data[pos : pos+end]) + } // TODO: Verify string termination // EOF if version (>= 5.5.7 and < 5.5.10) or (>= 5.6.0 and < 5.6.2) From e5b570644256f55ef9c45d003e2a96c02a0df9ec Mon Sep 17 00:00:00 2001 From: Richard Wilkes Date: Tue, 22 May 2018 09:29:37 -0700 Subject: [PATCH 2/5] Add to AUTHORS list as requested --- AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS b/AUTHORS index 2f3a8d68f..07d0deee3 100644 --- a/AUTHORS +++ b/AUTHORS @@ -64,6 +64,7 @@ Paul Bonser Peter Schultz Rebecca Chin Reed Allman +Richard Wilkes Robert Russell Runrioter Wung Shuode Li From 4fa3c82856c601e726437fa86bca262f3019954e Mon Sep 17 00:00:00 2001 From: Richard Wilkes Date: Tue, 22 May 2018 09:49:31 -0700 Subject: [PATCH 3/5] Fallback to taking the rest of the data packet as the name --- packets.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packets.go b/packets.go index 2ffea41dd..32cc28fe1 100644 --- a/packets.go +++ b/packets.go @@ -228,6 +228,8 @@ func (mc *mysqlConn) readInitPacket() ([]byte, string, error) { pos += 13 if end := bytes.IndexByte(data[pos:], 0x00); end != -1 { pluginName = string(data[pos : pos+end]) + } else { + pluginName = string(data[pos:]) } // TODO: Verify string termination From 792a267f15e087b266eb3e626612dc0840dcd98e Mon Sep 17 00:00:00 2001 From: Richard Wilkes Date: Tue, 22 May 2018 09:59:01 -0700 Subject: [PATCH 4/5] Remove outdated comment; move comment about EOF --- packets.go | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/packets.go b/packets.go index 32cc28fe1..51dc8983b 100644 --- a/packets.go +++ b/packets.go @@ -203,6 +203,8 @@ func (mc *mysqlConn) readInitPacket() ([]byte, string, error) { } pos += 2 + // EOF if version (>= 5.5.7 and < 5.5.10) or (>= 5.6.0 and < 5.6.2) + // \NUL otherwise pluginName := "" if len(data) > pos { // character set [1 byte] @@ -232,15 +234,6 @@ func (mc *mysqlConn) readInitPacket() ([]byte, string, error) { pluginName = string(data[pos:]) } - // TODO: Verify string termination - // EOF if version (>= 5.5.7 and < 5.5.10) or (>= 5.6.0 and < 5.6.2) - // \NUL otherwise - // - //if data[len(data)-1] == 0 { - // return - //} - //return ErrMalformPkt - // make a memory safe copy of the cipher slice var b [20]byte copy(b[:], cipher) From 92170515d967065432643bc528ff6d992fa17633 Mon Sep 17 00:00:00 2001 From: Richard Wilkes Date: Tue, 22 May 2018 10:10:02 -0700 Subject: [PATCH 5/5] Move comment to appropriate spot --- packets.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/packets.go b/packets.go index 51dc8983b..9b76fb040 100644 --- a/packets.go +++ b/packets.go @@ -203,8 +203,6 @@ func (mc *mysqlConn) readInitPacket() ([]byte, string, error) { } pos += 2 - // EOF if version (>= 5.5.7 and < 5.5.10) or (>= 5.6.0 and < 5.6.2) - // \NUL otherwise pluginName := "" if len(data) > pos { // character set [1 byte] @@ -228,6 +226,9 @@ func (mc *mysqlConn) readInitPacket() ([]byte, string, error) { // which seems to work but technically could have a hidden bug. cipher = append(cipher, data[pos:pos+12]...) pos += 13 + + // EOF if version (>= 5.5.7 and < 5.5.10) or (>= 5.6.0 and < 5.6.2) + // \NUL otherwise if end := bytes.IndexByte(data[pos:], 0x00); end != -1 { pluginName = string(data[pos : pos+end]) } else {